Privacy Policy
| Date | Version | Reasons for Change | Author |
| 24.05.25 | 1.4 | Section(s) updated: 1,2,3 | Vicki Turner |
| 12.05.25 | 1.3 | Section(s) updated: 1,2,3 | Vicki Turner |
| 10.05.25 | 1.2 | Section(s) updated: 1,2,3 | Vicki Turner |
| 10.05.25 | 1.1 | Section(s) updated: 1,3 | Vicki Turner |
| 09.05.25 | 1.0 | Initial generation | Vicki Turner |
Introduction
Amethyst Assessment Centre respects the privacy of its customers, suppliers and partners. We have therefore formulated and implemented a policy on complete transparency regarding the processing of personal data, its purpose(s) and the possibilities to exercise your legal rights in the best possible way. For employees, we have formulated a separate privacy policy, available upon employment and upon request. This privacy policy pertains to processing by Amethyst Assessment Centre by means other than through the use of cookies. Amethyst Assessment Centre has formulated a separate cookie policy, which can be found on
our Amethyst Assessment Centre’s websites: https://www.amethystassessmentcentre.co.uk/
Definitions
- Party responsible for processing personal data: Amethyst Assessment Centre; with registered address at Melrose House, 181 Chorley New Road, Bolton, Lancashire, BL1 4QZ in United Kingdom; company
registration number 13882403 and Data Protection Officer Vicki Turner who can be reached at
[email protected] (the “Controller”). - Data Protection Authority: The Data Protection Authority of United Kingdom.
- Data Protection laws:
– For European citizens or residents, the EU GDPR 2018; the EU e-privacy directive 2002 (soon to be
replaced by the EU e-privacy regulation);
– For UK citizens or residents, the UK GDPR 2020 and the UK Data Protection Act 2018
and the national laws of the countries where we operate.
Collection of data
- Your personal data will be collected by Amethyst Assessment Centre and its data processors.
- Personal data means any information relating to an identified or identifiable natural person (‘data
subject’). - An identifiable natural person is one who can be identified, directly or indirectly, in particular by
reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The types of personal data we may process through third party
applications:
| Business process | Data | Legal basis |
| Compliance | Employees – Email Address, Last Name, First Name, Job Title Users – Subscription Data, First Name, Last Name, Job Title, Email Address Company – Contracts, Last Name, Email Address, Intellectual Property, First Name | Legal Obligation Compliance |
| Payment Processing | Contractors – Bank account or creditcard number, First Name, Last Name, Salary Information Business Partners – Bank account or creditcard number, Salary Information, Last Name, First Name Suppliers – Bank account or creditcard number, Last Name, First Name Patients – Bank account or creditcard number, First Name, Last Name Customers – Last Name, First Name, Bank account or creditcard number, Email Address Company – Email Address, First Name, Bank account or creditcard number, Last Name | Data Subject Consent |
| Payroll | Contractors – Bank account or creditcard number, First Name, Last Name, Salary Information Business Partners – Bank account or creditcard number, Salary Information, Last Name, First Name Suppliers – Bank account or creditcard number, Last Name, First Name Patients – Bank account or creditcard number, First Name, Last Name | Contract Performance |
| Document Storage | Contractors – First Name, Last Name, Job Title, Email Address, Date of Birth, Place of Birth, Age or Age Group, Telephone Number, Home Address, User Name, Copy of ID, National Insurance Number, Gender, Photographs, Educational and Employment History, Salary Information, Advice Secondary Education, Educational Year Business Partners – First Name, Date of Birth, Last Name, Job Title, Place of Birth, Age or Age Group, Email Address, Home Address, Telephone Number, User Name, Copy of ID, Gender, Photographs, National Insurance Number, Educational and Employment History, Salary Information, Browser Information Patients – First Name, Last Name, Age or Age Group, Place of Birth, Job Title, Date of Birth, User Name, General Health Data, Medical Condition, Non-medical tracking (e.g. sleep; food intake), Medical History, Medicines, IP Address Users – First Name, Last Name, Email Address, User Name, IP Address Stakeholders – First Name, Last Name, Job Title, Email Address, User Name, IP Address | Legitimate Interests |
| Office Management | Contractors – First Name, Last Name, Job Title, Email Address, Date of Birth, Place of Birth, Age or Age Group, Telephone Number, Home Address, User Name, Copy of ID, National Insurance Number, Gender, Photographs, Educational and Employment History, Salary Information, Advice Secondary Education, Educational Year Business Partners – First Name, Date of Birth, Last Name, Job Title, Place of Birth, Age or Age Group, Email Address, Home Address, Telephone Number, User Name, Copy of ID, Gender, Photographs, National Insurance Number, Educational and Employment History, Salary Information, Browser Information Patients – Home Address, Place of Birth, Age or Age Group, Last Name, Job Title, Date of Birth, First Name, Religion, Educational Method, Information Guardian or Parent(s), Telephone Number, Class, Educational Type, Educational and Employment History, Non-medical tracking (e.g. sleep; food intake), Medical History, Medicines, General Health Data, Medical Condition, Gender, Protected characteristics, Email Address Company – Intellectual Property | Legitimate Interests |
| Password Manager | Contractors – First Name, Last Name, Job Title, Email Address, Date of Birth, Place of Birth, Age or Age Group, Telephone Number, Home Address, User Name, Copy of ID, National Insurance Number, Gender, Photographs, Educational and Employment History, Salary Information, Advice Secondary Education, Educational Year Business Partners – First Name, Date of Birth, Last Name, Job Title, Place of Birth, Age or Age Group, Email Address, Home Address, Telephone Number, User Name, Copy of ID, Gender, Photographs, National Insurance Number, Educational and Employment History, Salary Information, Browser Information | Legitimate Interests |
| User Management/Authentication | Contractors – First Name, Last Name, Job Title, Email Address, Date of Birth, Place of Birth, Age or Age Group, Telephone Number, Home Address, User Name, Copy of ID, National Insurance Number, Gender, Photographs, Educational and Employment History, Salary Information, Advice Secondary Education, Educational Year Business Partners – First Name, Date of Birth, Last Name, Job Title, Place of Birth, Age or Age Group, Email Address, Home Address, Telephone Number, User Name, Copy of ID, Gender, Photographs, National Insurance Number, Educational and Employment History, Salary Information, Browser Information Users – Email Address, First Name, Last Name | Contract Performance |
| Contractors – First Name, Last Name, Job Title, Email Address, Date of Birth, Place of Birth, Age or Age Group, Telephone Number, Home Address, User Name, Copy of ID, National Insurance Number, Gender, Photographs, Educational and Employment History, Salary Information, Advice Secondary Education, Educational Year Business Partners – First Name, Date of Birth, Last Name, Job Title, Place of Birth, Age or Age Group, Email Address, Home Address, Telephone Number, User Name, Copy of ID, Gender, Photographs, National Insurance Number, Educational and Employment History, Salary Information, Browser Information | Legitimate Interests | |
| Clinical | Patients – First Name, Last Name, Age or Age Group, Place of Birth, Job Title, Date of Birth, User Name, General Health Data, Medical Condition, Non-medical tracking (e.g. sleep; food intake), Medical History, Medicines, IP Address, Home Address, Religion, Educational Method, Information Guardian or Parent(s), Telephone Number, Class, Educational Type, Educational and Employment History, Gender, Protected characteristics, Email Address, Health Service/NHS Number, Video, Educational Year Users – First Name, Last Name, Email Address, User Name, IP Address, Job Title Stakeholders – First Name, Last Name, Job Title, Email Address, User Name, IP Address Company – Intellectual Property | Data Subject Consent |
| Communication | Patients – First Name, Last Name, Age or Age Group, Place of Birth, Job Title, Date of Birth, User Name, General Health Data, Medical Condition, Non-medical tracking (e.g. sleep; food intake), Medical History, Medicines, IP Address, Home Address, Religion, Educational Method, Information Guardian or Parent(s), Telephone Number, Class, Educational Type, Educational and Employment History, Gender, Protected characteristics, Email Address Users – First Name, Last Name, Email Address, User Name, IP Address Stakeholders – First Name, Last Name, Job Title, Email Address, User Name, IP Address Company – Intellectual Property | Legitimate Interests |
| Website Hosting | Users – First Name, Last Name, Age or Age Group, Date of Birth, Email Address, Telephone Number, Home Address, IP Address, Browser Information | Legitimate Interests |
| Payment | Contractors – Bank account or creditcard number, First Name, Last Name, Salary Information Business Partners – Bank account or creditcard number, Salary Information, Last Name, First Name Suppliers – Bank account or creditcard number, Last Name, First Name Patients – Bank account or creditcard number, First Name, Last Name | Contract Performance |
The types of personal data we may process through suppliers:
| Business process | Data | Legal basis |
| Office Provision | Patients – First Name, Date of Birth, Last Name, Age or Age Group, Email Address, Telephone Number, Home Address, Gender, Medical Condition, General Health Data | Contract Performance |
| Accountancy | Business Partners – First Name, Last Name, Age or Age Group, Job Title, Email Address, Home Address, Gender, Salary Information, Bank account or creditcard number Contractors – First Name, Last Name, Job Title, Salary Information | Legal Obligation Compliance |
| Health Services | Patients – First Name, Date of Birth, Last Name, Job Title, Age or Age Group, Place of Birth, Email Address, Home Address, Telephone Number, Gender, Protected characteristics, General Health Data, Medical Condition, Medical History, Non-medical tracking (e.g. sleep; food intake), Medicines, Educational Type, Religion, Advice Secondary Education, Educational Year, Student Number, Educational Method, Information Guardian or Parent(s), Educational and Employment History, Class | Legal Obligation Compliance |
Purposes
Amethyst Assessment Centre processes personal data for one or more of the following purposes:
- Customer, employee, contractor, partner or supplier management
- Business and financial administration
- Direct marketing
- Delivery of goods or services
- Work planning
How we collect, store or otherwise process your data:
The following business processes describe how we may collect, store or otherwise process the types of
personal information:
- Collection of cookies, subscription to newsletter or filling out the contact form on the website(s);
- Analyse trends and profiles, for our legitimate interest to aim to enhance, modify, personalise and
- improve our services and communications for the benefit of our customers;
- Process and respond to support requests, enquiries and complaints received from you through use of
- business email;
- Provide services and products requested and/or purchased by you and to communicate with you about
- such services and/or products. We do this as necessary in order to carry out a contract with you and in
- accordance with our legitimate interest to operate a business;
- Carry out administrative activities such as invoicing and collecting payments either locally on devices or
- using cloud-services;
- Store and exchange personal information contained in documents through email and cloud-services;
- Marketing and customer acquisition through email or using cloud-services.
Sharing data with third parties
We may have to share your data with third parties, including third-party service providers. We require third parties to respect the security of your data and to treat it in accordance with the law. We may transfer your Personal Data outside United Kingdom. If we do, you can expect a similar degree of protection in respect of your Personal Data. We will only share your Personal Data with third parties in accordance with the GDPR and as outlined in the legal justification table above. We share your personal data with the following enterprise third parties. We also share your data with SME third parties, details of which are available upon request. You will be notified when we have engaged with a new third party recipient of your personal data.
Naq Cyber
| Function | Compliance |
| Data categories | Email Address, First Name, Job Title, Last Name |
| Data subjects | Employees |
| Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
Microsoft Office 365
| Function | Document Storage, Email, Office Management, Password Manager, User Management/Authentication |
| Data categories | Advice Secondary Education, Age or Age Group, Browser Information, Copy of ID, Date of Birth, Educational and Employment History, Educational Year, Email Address, First Name, Gender, Home Address, Job Title, Last Name, National Insurance Number, Photographs, Place of Birth, Salary Information, Telephone Number, User Name |
| Data subjects | Business Partners, Contractors |
| Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
Microsoft Teams
| Function | Clinical, Communication, Document Storage |
| Data categories | Age or Age Group, Date of Birth, Email Address, First Name, General Health Data, IP Address, Job Title, Last Name, Medical Condition, Medical History, Medicines, Non-medical tracking (e.g. sleep; food intake), Place of Birth, User Name |
| Data subjects | Patients, Stakeholders, Users |
| Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
Barclays
| Function | Payment, Payment Processing, Payroll |
| Data categories | Bank account or creditcard number, First Name, Last Name, Salary Information |
| Data subjects | Business Partners, Contractors, Patients, Suppliers |
| Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
WordPress
| Function | Website Hosting |
| Data categories | Age or Age Group, Browser Information, Date of Birth, Email Address, First Name, Home Address, IP Address, Last Name, Telephone Number |
| Data subjects | Users |
| Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
Adobe Acrobat
| Function | Clinical, Communication, Office Management |
| Data categories | Age or Age Group, Class, Date of Birth, Educational and Employment History, Educational Method, Educational Type, Email Address, First Name, Gender, General Health Data, Home Address, Information Guardian or Parent(s), Intellectual Property, Job Title, Last Name, Medical Condition, Medical History, Medicines, Non-medical tracking (e.g. sleep; food intake), Place of Birth, Protected characteristics, Religion, Telephone Number |
| Data subjects | Company, Patients |
| Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
Egress Software
| Function | Communication |
| Data categories | Age or Age Group, Class, Date of Birth, Educational and Employment History, Educational Method, Educational Type, Email Address, First Name, Gender, General Health Data, Home Address, Information Guardian or Parent(s), Last Name, Medical Condition, Medical History, Medicines, Non medical tracking (e.g. sleep; food intake), Place of Birth, Protected characteristics, Religion, Telephone Number |
| Data subjects | Patients |
| Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
Google authenticator
| Function | User Management/Authentication |
| Data categories | Email Address, First Name, Last Name |
| Data subjects | Users |
| Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
WriteUpp
| Function | Clinical |
| Data categories | Age or Age Group, Class, Date of Birth, Educational Method, Educational Type, Educational Year, Email Address, First Name, Gender, General Health Data, Health Service/NHS Number, Home Address, Information Guardian or Parent(s), Job Title, Last Name, Medical Condition, Medical History, Medicines, Non-medical tracking (e.g. sleep; food intake), Place of Birth, Protected characteristics, Religion, Telephone Number, User Name, Video |
| Data subjects | Patients, Users |
| Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
QbCheck
| Function | Clinical |
| Data categories | Age or Age Group, Date of Birth, Email Address, First Name, Gender, Last Name, Video |
| Data subjects | Patients, Users |
| Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
Quality Compliance Systems
| Function | Compliance |
| Data categories | Email Address, First Name, Job Title, Last Name, Subscription Data |
| Data subjects | Users |
| Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
DSPT Portal
| Function | Compliance |
| Data categories | Contracts, Email Address, First Name, Intellectual Property, Last Name |
| Data subjects | Company, Users |
| Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
Square Up
| Function | Payment Processing |
| Data categories | Bank account or creditcard number, Email Address, First Name, Last Name |
| Data subjects | Company, Customers |
| Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
International data transfers
The third parties we have engaged for the abovementioned business process may transfer your personal information to outside of your jurisdiction. Amethyst Assessment Centre’s third party processors take all necessary measures to ensure the confidentiality, availability and integrity of personal data and to comply with the GDPR with regards to international data transfers. The international nature of its compliance
certifications, as well as far-reaching technical security measures (including but not limited to encryption of the personal data, making the data illegible to an unauthorised recipient) are sufficient to ensure that the data subjects continue to benefit from the fundamental rights they are entitled to under the GDPR.
Where Amethyst Assessment Centre transfers data to third countries, it relies on the following legal grounds for international data transfers:
- An Adequacy Decision in accordance with article 45 of the GDPR
- In the absence of an Adequacy Decision, appropriate safeguards in the form of Standard Contractual Clauses or Binding Corporate Rules.
In the event that Amethyst Assessment Centre is reliant on Standard Contractual Clauses for the legality of its international data transfer, it ensures that the Processor or Subprocessor takes supplementary security measures to safeguard the international data transfer with one or more of the following measures:
- Encryption;
- Anonymisation;
- Pseudonymisation.
Storage and protection of data
Your data is protected by Amethyst Assessment Centre and its processors in pursuance to all legal requirements set by the relevant data processing laws. Amethyst Assessment Centre has taken technical
and organisational security measures to protect your data and requires its data processors to meet the same requirements. Amethyst Assessment Centre has signed processing agreements with its processors to ensure an adequate level of data protection.
The following security measures are taken by Amethyst Assessment Centre to protect your personal data in the course of the listed business processes:
Organisational security measures
Staff
Amethyst Assessment Centre staff members are required to conduct themselves in a manner consistent with Amethyst Assessment Centre’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. All staff members undergo appropriate background checks prior to hiring and sign a confidentiality agreement outlining their responsibility in protecting customer data.
We continuously train staff members on best security practices, including how to identify social hacks, phishing scams, and hackers.
Access controls
Amethyst Assessment Centre maintains your data privacy by allowing only authorized individuals access to information when it is critical to complete tasks for you. Amethyst Assessment Centre staff members will not process customer data without authorisation.
Data hosting
As a rule, data is hosted within countries and areas that provide a substantially similar level of protection as data subjects have under the GDPR. To ensure this, we rely on Adequacy Decisions as a legal basis for our international data transfers. In exceptional circumstances, where data is transferred to a country or area not subject to an Adequacy Decision, we rely on Standard Contractual Clauses with the recipient and take supplementary security measures to secure this data transfer, such as anonymisation.
Physical security
The data centres on which personal data is hosted are secured and monitored 24/7 and physical access to facilities is strictly limited to select staff.
Technical security measures
All devices which are used to access personal data for which we are responsible are secured with antivirus software, firewalls, encryption and access management. We regularly update operating systems and software to ensure vulnerabilities cannot be exploited.
We carry out regular vulnerability scanning of our website and have engaged credentialed external auditors to verify the adequacy of our security and privacy measures.
Your rights regarding information
Each data subject has the right to information on and access to, and rectification, erasure and restriction of processing of their personal data, as well as the right to object to the processing and the right to data
portability.You also have the right to request that you are not made subject to decision making based solely on automated processes, including profiling, if these decisions would have a significant effect on you.
You can exercise these rights by contacting us at the following email address: [email protected]. If we have any doubts as to your identity, we may request you to provide us with proof of identification, such as through sending us a copy of your valid ID. Ensure that you write “Data Request” in the subject line of your email.
Within one month of the submitted request, you will receive an answer from us. We will not charge you for submitting your request unless the request is manifestly unfounded or otherwise unreasonable in its nature.
Depending on the complexity and the number of the requests this period may be extended to two months.
Marketing
- You may receive commercial offers from Amethyst Assessment Centre. If you do not wish to receive them (anymore), please send us an email to the following address: [email protected] and ensure that you write “Data Opt-Out” in the subject line of your email.
- Your personal data will not be used by our partners for commercial purposes.
- If you encounter any personal data from other data subjects while visiting our website, you are to refrain from collection, any unauthorized use or any other act that constitutes an infringement of the privacy of the data subject(s) in question. The collector is not responsible in these circumstances.
Data retention
The collected data are used and retained for the duration determined by law. You may, at any time, request your data to be deleted from any Amethyst Assessment Centre account, system or other data processing
medium in accordance with the process described above.
Applicable law
These conditions are governed by the laws and regulations of the country where we are headquartered. The court in the district where we are headquartered has the sole jurisdiction if any dispute regarding these conditions may arise, save when a legal exception applies.
Children’s Data
We do not knowingly process children’s data, unless specifically stated in this Privacy Policy. If you have concerns about or knowledge of a child using our services, products, websites or apps without parental consent, please contact our DPO via [email protected] to ensure we can take appropriate action as soon as possible.
Contact
For questions about this privacy policy, product information or information about the website itself, please contact: [email protected].
International data transfers
Naq Cyber
| Third party headquarter address | Vlamingstraat 4, 2712BZ, Zoetermeer, The Netherlands |
| The primary location of processing is the The Netherlands. | Personal data collected by Naq Cyber may be stored and processed in any country where Naq Cyber or its affiliates, subsidiaries, or service providers operate facilities. |
| Safeguards (art. 45 GDPR) | Adequacy decision exists between United Kingdom and The Netherlands |
| Additional safeguards | Encryption Anonymisation where possible Pseudonymisation where possible |
| For more information, see Naq Cyber’s Privacy Policy | https://www.naqcyber.com/policies/privacy-policy |
Microsoft Office 365
| Third party headquarter address | 1 Microsoft Way, Redmond, WA 98052-6399, United States of America |
| The primary location of processing is the The Netherlands. | Personal data collected by Microsoft Office 365 may be stored and processed in any country where Microsoft Office 365 or its affiliates, subsidiaries, or service providers operate facilities. |
| Safeguards (art. 45 GDPR) | Adequacy decision exists between United Kingdom and United States of America |
| Additional safeguards | Encryption Anonymisation where possible Pseudonymisation where possible |
| For more information, see Microsoft Office 365’s Privacy Policy | https://privacy.microsoft.com/en ca/privacystatement |
Microsoft Teams
| Third party headquarter address | 1 Microsoft Way, Redmond, WA 98052-6399, United States of America |
| The primary location of processing is the The Netherlands. | Personal data collected by Microsoft Teams may be stored and processed in any country where Microsoft Teams or its affiliates, subsidiaries, or service providers operate facilities. |
| Safeguards (art. 45 GDPR) | Adequacy decision exists between United Kingdom and United States of America |
| Additional safeguards | Encryption Anonymisation where possible Pseudonymisation where possible |
| For more information, see Microsoft Teams’s Privacy Policy | https://privacy.microsoft.com/enus/ privacystatement |
WordPress
| Third party headquarter address | San Francisco, California, United States of America |
| The primary location of processing is the The Netherlands. | Personal data collected by WordPress may be stored and processed in any country where WordPress or its affiliates, subsidiaries, or service providers operate facilities. |
| Safeguards (art. 45 GDPR) | Adequacy decision exists between United Kingdom and United States of America |
| Additional safeguards | Encryption Anonymisation where possible Pseudonymisation where possible |
| For more information, see WordPress’s Privacy Policy | https://automattic.com/privacy/ |
Adobe Acrobat
| Third party headquarter address | 345 Park Avenue San Jose, CA 95110-2704, United States of America |
| The primary location of processing is the The Netherlands. | Personal data collected by Adobe Acrobat may be stored and processed in any country where Adobe Acrobat or its affiliates, subsidiaries, or service providers operate facilities. |
| Safeguards (art. 45 GDPR) | Adequacy decision exists between United Kingdom and United States of America |
| Additional safeguards | Encryption Anonymisation where possible Pseudonymisation where possible |
| For more information, see Adobe Acrobat’s Privacy Policy | https://www.adobe.com/privacy.html |
Google authenticator
| Third party headquarter address | 1600 Amphitheatre Parkway, Mountain View, CA, 94043, United States of America |
| The primary location of processing is the The Netherlands. | Personal data collected by Google authenticator may be stored and processed in any country where Google authenticator or its affiliates, subsidiaries, or service providers operate facilities. |
| Safeguards (art. 45 GDPR) | Adequacy decision exists between United Kingdom and United States of America |
| Additional safeguards | Encryption Anonymisation where possible Pseudonymisation where possible |
| For more information, see Google authenticator’s Privacy Policy | https://policies.google.com/privacy |
QbCheck
| Third party headquarter address | Cardellgatan 1, 114 36 Stockholm, Sweden |
| The primary location of processing is the The Netherlands. | Personal data collected by QbCheck may be stored and processed in any country where QbCheck or its affiliates, subsidiaries, or service providers operate facilities. |
| Safeguards (art. 45 GDPR) | Adequacy decision exists between United Kingdom and Sweden |
| Additional safeguards | Encryption Anonymisation where possible Pseudonymisation where possible |
| For more information, see QbCheck’s Privacy Policy | https://www.qbcheck.com/public-info/data-privacy |
Proudly powered by WordPress
