Privacy Policy

Keep Reading

Privacy Policy

DateVersionReasons for Change Author
24.05.251.4Section(s) updated: 1,2,3Vicki Turner
12.05.251.3Section(s) updated: 1,2,3Vicki Turner
10.05.251.2Section(s) updated: 1,2,3Vicki Turner
10.05.251.1Section(s) updated: 1,3Vicki Turner
09.05.251.0Initial generationVicki Turner

Introduction

Amethyst Assessment Centre respects the privacy of its customers, suppliers and partners. We have therefore formulated and implemented a policy on complete transparency regarding the processing of personal data, its purpose(s) and the possibilities to exercise your legal rights in the best possible way. For employees, we have formulated a separate privacy policy, available upon employment and upon request. This privacy policy pertains to processing by Amethyst Assessment Centre by means other than through the use of cookies. Amethyst Assessment Centre has formulated a separate cookie policy, which can be found on
our Amethyst Assessment Centre’s websites: https://www.amethystassessmentcentre.co.uk/

Definitions

  • Party responsible for processing personal data: Amethyst Assessment Centre; with registered address at Melrose House, 181 Chorley New Road, Bolton, Lancashire, BL1 4QZ in United Kingdom; company
    registration number 13882403 and Data Protection Officer Vicki Turner who can be reached at
    [email protected] (the “Controller”).
  • Data Protection Authority: The Data Protection Authority of United Kingdom.
  • Data Protection laws:
    – For European citizens or residents, the EU GDPR 2018; the EU e-privacy directive 2002 (soon to be
    replaced by the EU e-privacy regulation);
    – For UK citizens or residents, the UK GDPR 2020 and the UK Data Protection Act 2018
    and the national laws of the countries where we operate.

Collection of data

  • Your personal data will be collected by Amethyst Assessment Centre and its data processors.
  • Personal data means any information relating to an identified or identifiable natural person (‘data
    subject’).
  • An identifiable natural person is one who can be identified, directly or indirectly, in particular by
    reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The types of personal data we may process through third party
applications:

Business processDataLegal basis
ComplianceEmployees – Email Address, Last Name, First Name, Job Title
Users – Subscription Data, First Name, Last Name, Job Title,
Email Address
Company – Contracts, Last Name, Email Address, Intellectual
Property, First Name
Legal
Obligation
Compliance
Payment ProcessingContractors – Bank account or creditcard number, First
Name, Last Name, Salary Information
Business Partners – Bank account or creditcard number,
Salary Information, Last Name, First Name
Suppliers – Bank account or creditcard number, Last Name,
First Name
Patients – Bank account or creditcard number, First Name,
Last Name
Customers – Last Name, First Name, Bank account or
creditcard number, Email Address
Company – Email Address, First Name, Bank account or
creditcard number, Last Name
Data
Subject
Consent
PayrollContractors – Bank account or creditcard number, First
Name, Last Name, Salary Information
Business Partners – Bank account or creditcard number,
Salary Information, Last Name, First Name
Suppliers – Bank account or creditcard number, Last Name,
First Name
Patients – Bank account or creditcard number, First Name,
Last Name
Contract
Performance
Document StorageContractors – First Name, Last Name, Job Title, Email
Address, Date of Birth, Place of Birth, Age or Age Group,
Telephone Number, Home Address, User Name, Copy of ID,
National Insurance Number, Gender, Photographs,
Educational and Employment History, Salary Information,
Advice Secondary Education, Educational Year
Business Partners – First Name, Date of Birth, Last Name,
Job Title, Place of Birth, Age or Age Group, Email Address,
Home Address, Telephone Number, User Name, Copy of ID,
Gender, Photographs, National Insurance Number,
Educational and Employment History, Salary Information,
Browser Information
Patients – First Name, Last Name, Age or Age Group, Place
of Birth, Job Title, Date of Birth, User Name, General Health
Data, Medical Condition, Non-medical tracking (e.g. sleep;
food intake), Medical History, Medicines, IP Address
Users – First Name, Last Name, Email Address, User Name,
IP Address
Stakeholders – First Name, Last Name, Job Title, Email
Address, User Name, IP Address
Legitimate
Interests
Office ManagementContractors – First Name, Last Name, Job Title, Email
Address, Date of Birth, Place of Birth, Age or Age Group,
Telephone Number, Home Address, User Name, Copy of ID,
National Insurance Number, Gender, Photographs,
Educational and Employment History, Salary Information,
Advice Secondary Education, Educational Year
Business Partners – First Name, Date of Birth, Last Name,
Job Title, Place of Birth, Age or Age Group, Email Address,
Home Address, Telephone Number, User Name, Copy of ID,
Gender, Photographs, National Insurance Number,
Educational and Employment History, Salary Information,
Browser Information
Patients – Home Address, Place of Birth, Age or Age Group,
Last Name, Job Title, Date of Birth, First Name, Religion,
Educational Method, Information Guardian or Parent(s),
Telephone Number, Class, Educational Type, Educational
and Employment History, Non-medical tracking (e.g. sleep;
food intake), Medical History, Medicines, General Health
Data, Medical Condition, Gender, Protected characteristics,
Email Address
Company – Intellectual Property
Legitimate
Interests
Password ManagerContractors – First Name, Last Name, Job Title, Email
Address, Date of Birth, Place of Birth, Age or Age Group,
Telephone Number, Home Address, User Name, Copy of ID,
National Insurance Number, Gender, Photographs,
Educational and Employment History, Salary Information,
Advice Secondary Education, Educational Year
Business Partners – First Name, Date of Birth, Last Name,
Job Title, Place of Birth, Age or Age Group, Email Address,
Home Address, Telephone Number, User Name, Copy of ID,
Gender, Photographs, National Insurance Number,
Educational and Employment History, Salary Information,
Browser Information
Legitimate
Interests
User
Management/Authentication
Contractors – First Name, Last Name, Job Title, Email
Address, Date of Birth, Place of Birth, Age or Age Group,
Telephone Number, Home Address, User Name, Copy of ID,
National Insurance Number, Gender, Photographs,
Educational and Employment History, Salary Information,
Advice Secondary Education, Educational Year
Business Partners – First Name, Date of Birth, Last Name,
Job Title, Place of Birth, Age or Age Group, Email Address,
Home Address, Telephone Number, User Name, Copy of ID,
Gender, Photographs, National Insurance Number,
Educational and Employment History, Salary Information,
Browser Information
Users – Email Address, First Name, Last Name
Contract
Performance
EmailContractors – First Name, Last Name, Job Title, Email
Address, Date of Birth, Place of Birth, Age or Age Group,
Telephone Number, Home Address, User Name, Copy of ID,
National Insurance Number, Gender, Photographs,
Educational and Employment History, Salary Information,
Advice Secondary Education, Educational Year
Business Partners – First Name, Date of Birth, Last Name,
Job Title, Place of Birth, Age or Age Group, Email Address,
Home Address, Telephone Number, User Name, Copy of ID,
Gender, Photographs, National Insurance Number,
Educational and Employment History, Salary Information,
Browser Information
Legitimate
Interests
ClinicalPatients – First Name, Last Name, Age or Age Group, Place
of Birth, Job Title, Date of Birth, User Name, General Health
Data, Medical Condition, Non-medical tracking (e.g. sleep;
food intake), Medical History, Medicines, IP Address, Home
Address, Religion, Educational Method, Information
Guardian or Parent(s), Telephone Number, Class,
Educational Type, Educational and Employment History,
Gender, Protected characteristics, Email Address, Health
Service/NHS Number, Video, Educational Year
Users – First Name, Last Name, Email Address, User Name,
IP Address, Job Title
Stakeholders – First Name, Last Name, Job Title, Email
Address, User Name, IP Address
Company – Intellectual Property
Data
Subject
Consent
CommunicationPatients – First Name, Last Name, Age or Age Group, Place
of Birth, Job Title, Date of Birth, User Name, General Health
Data, Medical Condition, Non-medical tracking (e.g. sleep;
food intake), Medical History, Medicines, IP Address, Home
Address, Religion, Educational Method, Information
Guardian or Parent(s), Telephone Number, Class,
Educational Type, Educational and Employment History,
Gender, Protected characteristics, Email Address
Users – First Name, Last Name, Email Address, User Name,
IP Address
Stakeholders – First Name, Last Name, Job Title, Email
Address, User Name, IP Address
Company – Intellectual Property
Legitimate
Interests
Website HostingUsers – First Name, Last Name, Age or Age Group, Date of
Birth, Email Address, Telephone Number, Home Address, IP
Address, Browser Information
Legitimate
Interests
PaymentContractors – Bank account or creditcard number, First
Name, Last Name, Salary Information
Business Partners – Bank account or creditcard number,
Salary Information, Last Name, First Name
Suppliers – Bank account or creditcard number, Last Name,
First Name
Patients – Bank account or creditcard number, First Name,
Last Name
Contract
Performance

The types of personal data we may process through suppliers:

Business processDataLegal basis
Office ProvisionPatients – First Name, Date of Birth, Last Name, Age or Age
Group, Email Address, Telephone Number, Home Address,
Gender, Medical Condition, General Health Data
Contract
Performance
AccountancyBusiness Partners – First Name, Last Name, Age or Age Group,
Job Title, Email Address, Home Address, Gender, Salary
Information, Bank account or creditcard number
Contractors – First Name, Last Name, Job Title, Salary
Information
Legal
Obligation
Compliance
Health ServicesPatients – First Name, Date of Birth, Last Name, Job Title, Age or
Age Group, Place of Birth, Email Address, Home Address,
Telephone Number, Gender, Protected characteristics, General
Health Data, Medical Condition, Medical History, Non-medical
tracking (e.g. sleep; food intake), Medicines, Educational Type,
Religion, Advice Secondary Education, Educational Year,
Student Number, Educational Method, Information Guardian or
Parent(s), Educational and Employment History, Class
Legal
Obligation
Compliance

Purposes

Amethyst Assessment Centre processes personal data for one or more of the following purposes:

  • Customer, employee, contractor, partner or supplier management
  • Business and financial administration
  • Direct marketing
  • Delivery of goods or services
  • Work planning

How we collect, store or otherwise process your data:

The following business processes describe how we may collect, store or otherwise process the types of
personal information:

  • Collection of cookies, subscription to newsletter or filling out the contact form on the website(s);
  • Analyse trends and profiles, for our legitimate interest to aim to enhance, modify, personalise and
  • improve our services and communications for the benefit of our customers;
  • Process and respond to support requests, enquiries and complaints received from you through use of
  • business email;
  • Provide services and products requested and/or purchased by you and to communicate with you about
  • such services and/or products. We do this as necessary in order to carry out a contract with you and in
  • accordance with our legitimate interest to operate a business;
  • Carry out administrative activities such as invoicing and collecting payments either locally on devices or
  • using cloud-services;
  • Store and exchange personal information contained in documents through email and cloud-services;
  • Marketing and customer acquisition through email or using cloud-services.

Sharing data with third parties

We may have to share your data with third parties, including third-party service providers. We require third parties to respect the security of your data and to treat it in accordance with the law. We may transfer your Personal Data outside United Kingdom. If we do, you can expect a similar degree of protection in respect of your Personal Data. We will only share your Personal Data with third parties in accordance with the GDPR and as outlined in the legal justification table above. We share your personal data with the following enterprise third parties. We also share your data with SME third parties, details of which are available upon request. You will be notified when we have engaged with a new third party recipient of your personal data.

Naq Cyber

FunctionCompliance
Data categoriesEmail Address, First Name, Job Title, Last Name
Data subjectsEmployees
Security measuresPhysical security such as access controls, clean
desk policy and CCTV; Access controls and
prevention of unauthorised access on the basis of
roles and strong authentication methods; All data is
encrypted at rest and access is only permitted via
encrypted channels (e.g. SSL); Data is minimized
and regularly deleted according to national
retention periods.

Microsoft Office 365

FunctionDocument Storage, Email, Office Management,
Password Manager, User
Management/Authentication
Data categoriesAdvice Secondary Education, Age or Age Group,
Browser Information, Copy of ID, Date of Birth,
Educational and Employment History, Educational
Year, Email Address, First Name, Gender, Home
Address, Job Title, Last Name, National Insurance
Number, Photographs, Place of Birth, Salary
Information, Telephone Number, User Name
Data subjectsBusiness Partners, Contractors
Security measuresPhysical security such as access controls, clean
desk policy and CCTV; Access controls and
prevention of unauthorised access on the basis of
roles and strong authentication methods; All data is
encrypted at rest and access is only permitted via
encrypted channels (e.g. SSL); Data is minimized
and regularly deleted according to national
retention periods.

Microsoft Teams

FunctionClinical, Communication, Document Storage
Data categoriesAge or Age Group, Date of Birth, Email Address,
First Name, General Health Data, IP Address, Job
Title, Last Name, Medical Condition, Medical
History, Medicines, Non-medical tracking (e.g.
sleep; food intake), Place of Birth, User Name
Data subjectsPatients, Stakeholders, Users
Security measuresPhysical security such as access controls, clean
desk policy and CCTV; Access controls and
prevention of unauthorised access on the basis of
roles and strong authentication methods; All data is
encrypted at rest and access is only permitted via
encrypted channels (e.g. SSL); Data is minimized
and regularly deleted according to national
retention periods.

Barclays

FunctionPayment, Payment Processing, Payroll
Data categoriesBank account or creditcard number, First Name,
Last Name, Salary Information
Data subjectsBusiness Partners, Contractors, Patients, Suppliers
Security measuresPhysical security such as access controls, clean
desk policy and CCTV; Access controls and
prevention of unauthorised access on the basis of
roles and strong authentication methods; All data is
encrypted at rest and access is only permitted via
encrypted channels (e.g. SSL); Data is minimized
and regularly deleted according to national
retention periods.

WordPress

FunctionWebsite Hosting
Data categoriesAge or Age Group, Browser Information, Date of
Birth, Email Address, First Name, Home Address, IP
Address, Last Name, Telephone Number
Data subjectsUsers
Security measuresPhysical security such as access controls, clean
desk policy and CCTV; Access controls and
prevention of unauthorised access on the basis of
roles and strong authentication methods; All data is
encrypted at rest and access is only permitted via
encrypted channels (e.g. SSL); Data is minimized
and regularly deleted according to national
retention periods.

Adobe Acrobat

FunctionClinical, Communication, Office Management
Data categoriesAge or Age Group, Class, Date of Birth, Educational
and Employment History, Educational Method,
Educational Type, Email Address, First Name,
Gender, General Health Data, Home Address,
Information Guardian or Parent(s), Intellectual
Property, Job Title, Last Name, Medical Condition,
Medical History, Medicines, Non-medical tracking
(e.g. sleep; food intake), Place of Birth, Protected
characteristics, Religion, Telephone Number
Data subjectsCompany, Patients
Security measuresPhysical security such as access controls, clean
desk policy and CCTV; Access controls and
prevention of unauthorised access on the basis of
roles and strong authentication methods; All data is
encrypted at rest and access is only permitted via
encrypted channels (e.g. SSL); Data is minimized
and regularly deleted according to national
retention periods.

Egress Software

FunctionCommunication
Data categoriesAge or Age Group, Class, Date of Birth, Educational
and Employment History, Educational Method,
Educational Type, Email Address, First Name,
Gender, General Health Data, Home Address,
Information Guardian or Parent(s), Last Name,
Medical Condition, Medical History, Medicines, Non
medical tracking (e.g. sleep; food intake), Place of
Birth, Protected characteristics, Religion, Telephone
Number
Data subjectsPatients
Security measuresPhysical security such as access controls, clean
desk policy and CCTV; Access controls and
prevention of unauthorised access on the basis of
roles and strong authentication methods; All data is
encrypted at rest and access is only permitted via
encrypted channels (e.g. SSL); Data is minimized
and regularly deleted according to national
retention periods.

Google authenticator

FunctionUser Management/Authentication
Data categoriesEmail Address, First Name, Last Name
Data subjectsUsers
Security measuresPhysical security such as access controls, clean
desk policy and CCTV; Access controls and
prevention of unauthorised access on the basis of
roles and strong authentication methods; All data is
encrypted at rest and access is only permitted via
encrypted channels (e.g. SSL); Data is minimized
and regularly deleted according to national
retention periods.

WriteUpp

FunctionClinical
Data categoriesAge or Age Group, Class, Date of Birth, Educational
Method, Educational Type, Educational Year, Email
Address, First Name, Gender, General Health Data,
Health Service/NHS Number, Home Address,
Information Guardian or Parent(s), Job Title, Last
Name, Medical Condition, Medical History,
Medicines, Non-medical tracking (e.g. sleep; food
intake), Place of Birth, Protected characteristics,
Religion, Telephone Number, User Name, Video
Data subjectsPatients, Users
Security measuresPhysical security such as access controls, clean
desk policy and CCTV; Access controls and
prevention of unauthorised access on the basis of
roles and strong authentication methods; All data is
encrypted at rest and access is only permitted via
encrypted channels (e.g. SSL); Data is minimized
and regularly deleted according to national
retention periods.

QbCheck

FunctionClinical
Data categoriesAge or Age Group, Date of Birth, Email Address,
First Name, Gender, Last Name, Video
Data subjectsPatients, Users
Security measuresPhysical security such as access controls, clean
desk policy and CCTV; Access controls and
prevention of unauthorised access on the basis of
roles and strong authentication methods; All data is
encrypted at rest and access is only permitted via
encrypted channels (e.g. SSL); Data is minimized
and regularly deleted according to national
retention periods.

Quality Compliance Systems

FunctionCompliance
Data categoriesEmail Address, First Name, Job Title, Last Name,
Subscription Data
Data subjectsUsers
Security measuresPhysical security such as access controls, clean
desk policy and CCTV; Access controls and
prevention of unauthorised access on the basis of
roles and strong authentication methods; All data is
encrypted at rest and access is only permitted via
encrypted channels (e.g. SSL); Data is minimized
and regularly deleted according to national
retention periods.

DSPT Portal

FunctionCompliance
Data categoriesContracts, Email Address, First Name, Intellectual
Property, Last Name
Data subjectsCompany, Users
Security measuresPhysical security such as access controls, clean
desk policy and CCTV; Access controls and
prevention of unauthorised access on the basis of
roles and strong authentication methods; All data is
encrypted at rest and access is only permitted via
encrypted channels (e.g. SSL); Data is minimized
and regularly deleted according to national
retention periods.

Square Up

FunctionPayment Processing
Data categoriesBank account or creditcard number, Email Address,
First Name, Last Name
Data subjectsCompany, Customers
Security measuresPhysical security such as access controls, clean
desk policy and CCTV; Access controls and
prevention of unauthorised access on the basis of
roles and strong authentication methods; All data is
encrypted at rest and access is only permitted via
encrypted channels (e.g. SSL); Data is minimized
and regularly deleted according to national
retention periods.

International data transfers

The third parties we have engaged for the abovementioned business process may transfer your personal information to outside of your jurisdiction. Amethyst Assessment Centre’s third party processors take all necessary measures to ensure the confidentiality, availability and integrity of personal data and to comply with the GDPR with regards to international data transfers. The international nature of its compliance
certifications, as well as far-reaching technical security measures (including but not limited to encryption of the personal data, making the data illegible to an unauthorised recipient) are sufficient to ensure that the data subjects continue to benefit from the fundamental rights they are entitled to under the GDPR.


Where Amethyst Assessment Centre transfers data to third countries, it relies on the following legal grounds for international data transfers:

  • An Adequacy Decision in accordance with article 45 of the GDPR
  • In the absence of an Adequacy Decision, appropriate safeguards in the form of Standard Contractual Clauses or Binding Corporate Rules.

In the event that Amethyst Assessment Centre is reliant on Standard Contractual Clauses for the legality of its international data transfer, it ensures that the Processor or Subprocessor takes supplementary security measures to safeguard the international data transfer with one or more of the following measures:

  • Encryption;
  • Anonymisation;
  • Pseudonymisation.

Storage and protection of data

Your data is protected by Amethyst Assessment Centre and its processors in pursuance to all legal requirements set by the relevant data processing laws. Amethyst Assessment Centre has taken technical
and organisational security measures to protect your data and requires its data processors to meet the same requirements. Amethyst Assessment Centre has signed processing agreements with its processors to ensure an adequate level of data protection.


The following security measures are taken by Amethyst Assessment Centre to protect your personal data in the course of the listed business processes:

Organisational security measures

Staff

Amethyst Assessment Centre staff members are required to conduct themselves in a manner consistent with Amethyst Assessment Centre’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. All staff members undergo appropriate background checks prior to hiring and sign a confidentiality agreement outlining their responsibility in protecting customer data.


We continuously train staff members on best security practices, including how to identify social hacks, phishing scams, and hackers.

Access controls

Amethyst Assessment Centre maintains your data privacy by allowing only authorized individuals access to information when it is critical to complete tasks for you. Amethyst Assessment Centre staff members will not process customer data without authorisation.

Data hosting

As a rule, data is hosted within countries and areas that provide a substantially similar level of protection as data subjects have under the GDPR. To ensure this, we rely on Adequacy Decisions as a legal basis for our international data transfers. In exceptional circumstances, where data is transferred to a country or area not subject to an Adequacy Decision, we rely on Standard Contractual Clauses with the recipient and take supplementary security measures to secure this data transfer, such as anonymisation.

Physical security

The data centres on which personal data is hosted are secured and monitored 24/7 and physical access to facilities is strictly limited to select staff.

Technical security measures

All devices which are used to access personal data for which we are responsible are secured with antivirus software, firewalls, encryption and access management. We regularly update operating systems and software to ensure vulnerabilities cannot be exploited.

We carry out regular vulnerability scanning of our website and have engaged credentialed external auditors to verify the adequacy of our security and privacy measures.

Your rights regarding information

Each data subject has the right to information on and access to, and rectification, erasure and restriction of processing of their personal data, as well as the right to object to the processing and the right to data
portability.You also have the right to request that you are not made subject to decision making based solely on automated processes, including profiling, if these decisions would have a significant effect on you.


You can exercise these rights by contacting us at the following email address: [email protected]. If we have any doubts as to your identity, we may request you to provide us with proof of identification, such as through sending us a copy of your valid ID. Ensure that you write “Data Request” in the subject line of your email.


Within one month of the submitted request, you will receive an answer from us. We will not charge you for submitting your request unless the request is manifestly unfounded or otherwise unreasonable in its nature.
Depending on the complexity and the number of the requests this period may be extended to two months.

Marketing

  • You may receive commercial offers from Amethyst Assessment Centre. If you do not wish to receive them (anymore), please send us an email to the following address: [email protected] and ensure that you write “Data Opt-Out” in the subject line of your email.
  • Your personal data will not be used by our partners for commercial purposes.
  • If you encounter any personal data from other data subjects while visiting our website, you are to refrain from collection, any unauthorized use or any other act that constitutes an infringement of the privacy of the data subject(s) in question. The collector is not responsible in these circumstances.

Data retention

The collected data are used and retained for the duration determined by law. You may, at any time, request your data to be deleted from any Amethyst Assessment Centre account, system or other data processing
medium in accordance with the process described above.

Applicable law

These conditions are governed by the laws and regulations of the country where we are headquartered. The court in the district where we are headquartered has the sole jurisdiction if any dispute regarding these conditions may arise, save when a legal exception applies.

Children’s Data

We do not knowingly process children’s data, unless specifically stated in this Privacy Policy. If you have concerns about or knowledge of a child using our services, products, websites or apps without parental consent, please contact our DPO via [email protected] to ensure we can take appropriate action as soon as possible.

Contact

For questions about this privacy policy, product information or information about the website itself, please contact: [email protected].

International data transfers

Naq Cyber

Third party headquarter addressVlamingstraat 4, 2712BZ, Zoetermeer, The
Netherlands
The primary location of processing is the The
Netherlands.
Personal data collected by Naq Cyber may be
stored and processed in any country where Naq
Cyber or its affiliates, subsidiaries, or service
providers operate facilities.
Safeguards (art. 45 GDPR)Adequacy decision exists between United Kingdom
and The Netherlands
Additional safeguardsEncryption
Anonymisation where possible
Pseudonymisation where possible
For more information, see Naq Cyber’s
Privacy Policy
https://www.naqcyber.com/policies/privacy-policy

Microsoft Office 365

Third party headquarter address1 Microsoft Way, Redmond, WA 98052-6399, United
States of America
The primary location of processing is the The
Netherlands.
Personal data collected by Microsoft Office 365 may
be stored and processed in any country where
Microsoft Office 365 or its affiliates, subsidiaries, or
service providers operate facilities.
Safeguards (art. 45 GDPR)Adequacy decision exists between United Kingdom
and United States of America
Additional safeguardsEncryption
Anonymisation where possible
Pseudonymisation where possible
For more information, see Microsoft Office
365’s Privacy Policy
https://privacy.microsoft.com/en
ca/privacystatement

Microsoft Teams

Third party headquarter address1 Microsoft Way, Redmond, WA 98052-6399, United
States of America
The primary location of processing is the The
Netherlands.
Personal data collected by Microsoft Teams may be
stored and processed in any country where
Microsoft Teams or its affiliates, subsidiaries, or
service providers operate facilities.
Safeguards (art. 45 GDPR)Adequacy decision exists between United Kingdom
and United States of America
Additional safeguardsEncryption
Anonymisation where possible
Pseudonymisation where possible
For more information, see Microsoft Teams’s
Privacy Policy
https://privacy.microsoft.com/enus/
privacystatement

WordPress

Third party headquarter addressSan Francisco, California, United States of America
The primary location of processing is the The
Netherlands.
Personal data collected by WordPress may be
stored and processed in any country where
WordPress or its affiliates, subsidiaries, or service
providers operate facilities.
Safeguards (art. 45 GDPR)Adequacy decision exists between United Kingdom
and United States of America
Additional safeguardsEncryption
Anonymisation where possible
Pseudonymisation where possible
For more information, see WordPress’s
Privacy Policy
https://automattic.com/privacy/

Adobe Acrobat

Third party headquarter address345 Park Avenue San Jose, CA 95110-2704, United
States of America
The primary location of processing is the The
Netherlands.
Personal data collected by Adobe Acrobat may be
stored and processed in any country where Adobe
Acrobat or its affiliates, subsidiaries, or service
providers operate facilities.
Safeguards (art. 45 GDPR)Adequacy decision exists between United Kingdom
and United States of America
Additional safeguardsEncryption
Anonymisation where possible
Pseudonymisation where possible
For more information, see Adobe Acrobat’s
Privacy Policy
https://www.adobe.com/privacy.html

Google authenticator

Third party headquarter address1600 Amphitheatre Parkway, Mountain View, CA,
94043, United States of America
The primary location of processing is the The
Netherlands.
Personal data collected by Google authenticator
may be stored and processed in any country where
Google authenticator or its affiliates, subsidiaries, or
service providers operate facilities.
Safeguards (art. 45 GDPR)Adequacy decision exists between United Kingdom
and United States of America
Additional safeguardsEncryption
Anonymisation where possible
Pseudonymisation where possible
For more information, see Google
authenticator’s Privacy Policy
https://policies.google.com/privacy

QbCheck

Third party headquarter addressCardellgatan 1, 114 36 Stockholm, Sweden
The primary location of processing is the The
Netherlands.
Personal data collected by QbCheck may be stored
and processed in any country where QbCheck or its
affiliates, subsidiaries, or service providers operate
facilities.
Safeguards (art. 45 GDPR)Adequacy decision exists between United Kingdom
and Sweden
Additional safeguardsEncryption
Anonymisation where possible
Pseudonymisation where possible
For more information, see QbCheck’s Privacy
Policy
https://www.qbcheck.com/public-info/data-privacy

Search

Amethyst Assessment Centre Logo

Have you got questions for us?

For questions about our assessment process, or for anything else get in touch using either of the following.

View Contact Info