Chemistry Website and Data Privacy
For information regarding Chemistry's approach to data privacy whenever providing services to clients, please see the below information:
Chemistry Services and Data Privacy
From a legal GDPR perspective, The Chemistry Group ('Chemistry') only operates as a Data Processor with it’s clients being the Data Controller. This is always confirmed in written agreements with our clients - either in the Master Services Agreement, Terms of Business, Statements of Work or Data Privacy Agreement between Chemistry and it’s clients.
This means that Chemistry is legally and commercially obliged to only do exactly what it is instructed to do by it’s clients with their data. Any Personally Identifiable (PI) data Chemistry collects while performing services for it’s clients can not be used by Chemistry for any purpose other than the purpose agreed with its clients. The data is never shared with 3rd parties without explicit instruction from our clients.
How Chemistry will use your data:
[Client] = represents any of Chemistry’s clients
- To provide the Services, Chemistry will process PI data only as set out in the Master Services Agreement/Terms of Business/Statements of Work/Data Privacy Agreement as signed between Chemistry and it’s clients.
- Personal data will be collected and processed:
- via Chemistry’s secure proprietary software platform where it will be encrypted during transmission and at rest
- from [Client] via Chemistry’s selected third party secure file storage and sharing system - unless instructed in writing by [Client] to store or share in an equivalent system specified by the [Client].
- through selected third party or survey provider sub processors which implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
- The personal data will be accessed and processed only by authorised Chemistry employees. When processing data with [Client] these employees will store it as protected files on Chemistry’s selected third party secure file storage and sharing system - unless instructed in writing by [Client] to store or share in an equivalent system specified by the [Client].
- To enable Chemistry Group to perform studies to prove the fairness of any assessments deployed for [Client] (their predictive validity) then for the period of the provision of services Chemistry will need to be able to match employee performance data supplied by [client] to applicant assessment data using an individual’s name and email. [Client] agrees that Chemistry may retain such personal data throughout the period of the provision of services for this purpose.
In the event that [Client] requires Chemistry to remove such personal information before the end of the provision of the services, [Client] will instruct Chemistry in writing confirming at what point in the licence period [Client] requires personal data to be anonymised by Chemistry AND as required during the period of the licence will provide employee performance data to Chemistry matched against a certificate ID supplied by Chemistry.
- Who is collecting my data ?
[Client] has contracted The Chemistry Group ('Chemistry') to collect the data, analyse and deliver, depending on the project, a combination of:
- individual reports directly to participants
- present back aggregated insight data at the team or department level
- present back aggregated summary data
From a legal GDPR perspective, [Client] is the Data Controller and Chemistry are the Data Processor.
- Where is it being held ?
The Chemistry Group leverages either its own proprietary platform or a suitable sub-processor platform as appropriate to securely collect and store the data. All are hosted in EU Datacenters.
A full list of sub-processors can be found here: https://thechemistrygroup.com/sub-processors
- Who has access to it ?
Chemistry's Science team and members of the Project team working with [Client] have access. Chemistry's Science team will analyse the data, produce reports and aggregate insight summaries. If requested by [Client] - the individual reports will be delivered directly to the individuals and aggregate summaries presented back to [Client] stakeholders.
- How do I know that this data is not shared with other 3rd parties ?
As the Data Processor, Chemistry is solely working under the direction of [Client] and will not share any data with 3rd parties unless explicitly instructed to do so. It would be illegal for Chemistry to do so without instruction or prior agreement.
- What level of control do I have over the private data I am sharing with this company?
Personally identifiable (PI) data will be removed at [Client]'s request or at the termination of the contract between Chemistry and [Client]. If Chemistry receive a request from [Client] to delete an individual's data they will do so.
- Why can't this survey be done anonymously?
Chemistry has been instructed by [Client] to contact a named list of employees to invite them to the survey and to deliver a personalised report back to each individual.