Privacy Policy

applying to anyone accessing gr8pi.com

Introduction

Great People Inside Pte. Ltd., and its affiliates recognise the importance of securing and protecting any data collected from you using gr8pi.com, and its related products, services and any other functionality.

This policy applies where we are acting as a Data Processor with respect to your personal data; in other words, where we do not determine the purposes and the means of the processing of your personal data. If this Privacy Policy was presented to you in another language than English, the English version prevails in case of discrepancies.

We are committed to safeguarding your privacy, and therefore we take all reasonable measures to maintain the integrity, privacy and security of your data according to this Privacy Policy and strive to provide you with maximum transparency and insight.

1. A few definitions

gr8pi.com is the cloud based system, and all its related products, services and any other functionality found at www.gr8pi.com. The Platform is the sole and exclusive property of Data Processor. Data Subjects use gr8pi.com to complete, for example, assessment(s) or survey(s), while Data Controllers use gr8pi.com to collect Your Data, and process it into Results.

Data Controller is the entity controlling Your Data and determining the purposes and the means of the processing. The Data Controller is the entity who invited you to complete an assessment, or to participate in a survey via gr8pi.com. Thus, a Data Controller is typically, but not limited to, a College/University, a potential employer, a recruiting company, a present employer, or third parties involved, for example, in hiring or personal development projects. In general, the Data Controller is also the entity using the Results in its internal processes, and in most cases, there is only one Data Controller. Data Controllers are typically direct or indirect clients of Data Processor.

Data Processor is Great People Inside Pte. Ltd., 160 Robinson Road, #14-04 Singapore Business Federation Centre, Singapore 068914, company registration number 201615955N, and its affiliates. Data Processor's gr8pi.com algorithms process assessment and survey data etc. to generate Results for Data Processor. As the Data Processor is registered in the Republic of Singapore, it declares that it will process all your Data in accordance with the requirements of applicable Data Protection Legislation in effect and will be bound by the EU's General Data Protection Regulation (GDPR). Even though all data processing takes place in the European Union, as the servers running gr8pi.com and performing backups are hosted by Hetzner Online GmbH, Gunzenhausen, Germany, in accordance with the provisions of consideration (36) of GDPR, Great People Inside Pte. Ltd. has appointed, as a sub-processor, GR8 Research & Development S.R.L., 35 Mirăslău Street, Braşov, Romania, registered at the Trade Register Office under no. J08/915/17.07.2002, Tax ID RO14758235.

Data Subject is you; the person delivering data by using the gr8pi.com platform. You typically provide data as part of completing an assessment or survey using gr8pi.com. Data Subjects are typically, but not limited to job applicants, employees or students and, also, persons working (typically in HR) for or with a Data Controller.

Your Data is the data collected and stored in gr8pi.com by Data Controller. It consists of up to four categories of data relating to you:

  • Your contact information (e.g. name, e-mail, preferred language, gender and other personal data)
    • This information is used for communication purposes, primarily via gr8pi.com.
  • Your demographic characteristics (e.g. age, education etc.)
    • This information is used for research purposes.
  • Your answers to the assessment(s) and/or survey(s) you have completed.
    • This information is processed into Results used by the Data Controller in their HR process(es). This information is meaningless until it has been processed by Data Processor on behalf of Data Controller.
  • Data Controller's non-sensitive free text notes relevant to the process(es) you are part of.
    • This information is typically, but not limited to, Data Controller's notes specifying for example, which job you are applying for, the organisational unit involved, search tags etc.

Any data identifiable to you is protected and secured according to this Privacy Policy, and Data Processor's security measurements and procedures.

Results are the interpretation(s) of your assessment or survey data as performed by the algorithms of gr8pi.com. Your assessment or survey data is processed by Data Processor's algorithms on Data Controller's behalf and are typically presented to Data Controller in standard reports. However, Results may also be delivered to, or exported by, Data Controller in other formats; for example, if gr8pi.com is integrated with Data Controller's own systems. Results are typically used in Data Controller's HR process(es); for example, hiring, personal development etc.

2. Data Processor's Partners and Third-Parties

Data Processor Partners ("Partners") are, for example, but not limited to, Data Processor's affiliates; sales, support and distribution channel; and business and/or alliance partners.

Third-parties ("Third-Parties") are any other entity than Data Processor, and its Partners.

3. Handling Your Data

All information communicated, registered, delivered, collected or entered into gr8pi.com, is stored by gr8pi.com.

Data Processor strives to ensure that any data collected and stored is relevant, up-to-date and not excessive in relation to Data Controller's purposes. Any information not being directly relatable to your real identity is not considered to be Your Data.

Data Processor may also collect data automatically using its gr8pi.com website technologies, its other websites or systems, or receive data from, for example, analytics and search information providers, payment services etc., and from Partners and Third-Parties. In general, such data is anonymous and used for example, to optimise your online experience etc. However, in case such data is identifiable to you, it is considered to be Your Data, and treated accordingly. Data Processor may use such data in combination with Your Data.

Your Information may not be stored and/or processed in your own country, or it may be transferred and subsequently stored and/or processed outside your own country. The primary reasons for this are that Data Processor's IT infrastructure – or its IT infrastructure providers - may have servers in many different countries. Furthermore, servicing, for example, international Data Controllers may require that your Information is transferred, stored, and/or processed in other countries than your own; as may national laws and regulations.

If Your Data is stored outside the European Union, in countries not governed by EU's General Data Protection Regulation, Data Processor is still operating according to this EU regulation. However, Data Controllers may not be, and in case of doubt Data Processor urges you to contact such Data Controllers for clarification before you enter gr8pi.com, and any data.

4. Your rights and how to exercise them

As Data Subject you have the right to:

  • See your contact information and demographic characteristics, and to correct them if incorrect.
  • See your Results; often Results are communicated to you without you having to request it.
  • Know what your Results are used for, and by which function within Data Controller.
  • Know where your Information is processed and stored.
  • Have Your Data fully or partially deleted.

You exercise your rights by contacting Data Controller, or via your gr8pi.com account (if available). You find Data Controller's contact information in the automated communication between Data Controller and you; for example, in the e-mail you received when Data Controller invited you, or when you self-registered to complete an assessment or participate in a survey.

Alternatively, you may send your request to your local Data Processor Data Protection Officer found at www.greatpeopleinside.com/contact, or to Data Processor directly via [email protected]. You must send your request via e-mail, and your request must include:

  • Your full name
  • The name of the Data Controller
  • Your request(s)

In this case, your request is forwarded to Data Controller as it is Data Controller's responsibility to handle Your Data. You should expect that processing your request will take longer if you do not request it directly with Data Controller. The e-mail address you use to send your request must be identical to the e-mail address gr8pi.com has on file for you. If the e-mail addresses are not identical, your request will not be processed. This precaution is taken to prevent others from making requests on your behalf.

Please note, that often Results are communicated to you by Data Controller without you having to actively request them, in layman's language reports designed specifically for this purpose, or by other means.

If you participated in a survey, you are, in most cases, providing feedback to another person, and thus the Results relate to this person, and not to you. Therefore, you are in general not informed about the Results unless you are the target person of the survey.

5. How deletion works

Full or partial deletion of Your Data may be requested by you at any time 90 days after you delivered it. In the first 90 days, Data Controller has the right to generate Results using Your Data. You request full or partial deletion by contacting Data Controller. Furthermore, Data Controller may fully or partially delete Your Data at any time.

A full deletion means that your contact information is permanently deleted. Thus, you can no longer be identified, and your demographic characteristics and assessment and/or survey data is no longer connectable to you. You are in other words completely anonymised. Your anonymised demographic characteristics, and your assessment and/or survey data may still be used for research and statistical purposes etc., and may still be included in Results generated by Data Controller.

A partial deletion means that for example your connection to a specific assessment or survey is permanently deleted. In this case your contact information is still intact, but the deleted assessment or survey can no longer be connected to your person. For example, if you completed two different assessments, you or Data Controller can request that one is deleted, while the other is maintained.

Once a deletion is completed it is irrevocable. This means that if you regret a partial deletion of, for example, an assessment, you must redo the assessment.

Please note that if you have completed assessments with different Data Controllers - for example, if you have applied for a job with two different companies and have completed an assessment with both - you must direct your deletion request(s) to both Data Controllers if you want both assessments deleted. Also, please note that even though your data is deleted, and Data Controller no longer has access to it, it may still exist on one or more of Data Processor's backup systems. Thus, your Data is not completely deleted before Data Processor's backup cycle(s) are completed.

In general, Data Controller may keep and use Your Data for as long as you are part of their process(es). However, if you are an employee of, or if you are working for or with Data Controller, Data Controller may keep and use Your Data for as long as the relationship exists according to Data Controller. Nevertheless, you still have the right to request full or partial deletion 90 days after you delivered Your Data.

6. Handling Results

Data Processor enables Data Controller to generate Results using Your Data. Results are not stored by gr8pi.com but delivered directly to Data Controller.

Results are, in general, presented to Data Controller in reports (typically as .pdf files), but in some cases Results are exported to or by Data Controller – for example by integrating gr8pi.com with Data Controller's own (HR) systems – for further processing outside gr8pi.com.

Data Controller has the obligations to handle Results according to local laws and regulations.

7. Relevance of Your Data and the Results

Data Processor stores Your Data until it is fully or partially deleted, and Data Controller may process Results as long as they are available to Data Processor. It is up to Data Controller to decide if Your Data is relevant, and how Results are used in their (HR) process(es). Data Processor offers written guidelines to Data Controllers on this subject. If you have any questions in relation to this, you should contact Data Controller. Alternatively, you may contact your local Data Processor Data Protection Officer found at www.greatpeopleinside.com/contact, or directly via [email protected].

8. Other

Your demographic characteristics, and assessment and survey data and Results may be used by Data Processor for statistical and/or research purposes, and in Data Processor's effort to keep gr8pi.com safe and secure. However, in any such case data is only used in an anonymised format which means it cannot in any way be connected to your identity.

Your contact information may be used by Data Controller. It may also be used by Data Processor and its Partners as described in section 11.

Data Processor and/or its Partners may have direct or indirect access to all or some of Your Data and/or Results when servicing, and supporting Data Controllers. However, Data Processor or its Partners do not use your Information and/or Results for anything except for servicing and supporting Data Controllers, and do not store any Results generated when doing so.

Except if anonymised, Data Processor will not disclose data or Results to Third-Parties unless it is required by law enforcement institutions, or to comply with the law; for Data Processor intermediaries to comply with this Privacy Policy; or to protect Data Processor and its business, rights and assets. In any such case, Data Processor will inform you via your e-mail address on file.

Finally, if Data Processor is substantially sold or otherwise handed over to another entity, Your Data may be transferred to that entity. In any such case, you are informed via your e-mail address on file.

9. Protecting Your Data 

Data Processor complies with the EU General Data Protection Regulation in force per 25th of May 2018 and has written procedures and documentation supporting compliance. Data Subjects and Data Controllers may request more information by contacting Data Processor's local Data Protection Officer found at www.greatpeopleinside.com/contact or by emailing [email protected].

Data protection and security is paramount to Data Processor, and we take all reasonable measures to prevent unauthorised access or manipulation of Your Data, which is fundamentally protected by these measures:

  • Your password is not stored in clear text.
  • Your assessment and/or survey data are meaningless in their unprocessed format.
  • Backups of Your Data are encrypted.
  • Your Data can be anonymised which means Results can no longer be connected to you.
  • The online transmission of your Information is performed through secured connections to protect it from manipulation and/or unauthorised access. However, Data Processor and Data Controller cannot guarantee that communication carried by the Internet (for example, but not limited to e-mail correspondence, or entering Information into gr8pi.com) is secure. Thus, any transmission is at your own risk. You contribute to Data Processor's security and data protection efforts by complying with these simple gr8pi.com guidelines:
    • Do not enter or deliver unauthorised or manipulated data, information or communication.
    • Do not (attempt to) collect any content or information related to other Data Subjects, or violate other's personal rights, or access other's accounts or information.
    • Do not (attempt to) upload any viruses or malware.
    • Do not perform actions which will or can impact the functionality and/or appearance of the Platform.
    • Do not overload gr8pi.com (for instance, but not limited to Denial-of-service-attacks), or impact products, services or any other functionality offered by gr8pi.com.
    • Do not support and/or encourage violations against Data Processor's policies, principles, guidelines etc.

Your Data is handled confidentially by Data Controller and Data Processor according to EU's General Data Protection Regulation, and/or local laws and regulations.

Data Processor performs scheduled penetration tests and security audits (external and/or internal) to maintain a high level of security, and data protection. Furthermore, Data Processor offers security awareness guidelines and support to Data Controllers. Such guidelines and/or support is free of charge to encourage a high level of security and data protection. Data Processor's staff complete internal security and data protection training in accordance with their role.

10. Data or Security breach

In case of a security breach – for example, but not limited to, hacking of gr8pi.com – Data Processor will do its utmost to indemnify the breach, and to restore secure operation as fast as possible.

In case a security breach results in a data breach, Data Processor will inform Data Controller about the breach, its extent, and who it affects to enable Data Controller to inform for example affected Data Subjects, authorities etc., and to take whatever measures possible to assist in indemnifying the breach.

11. Communication

If you are a Data Subject having an accessible gr8pi.com account, Data Processor and/or its Partners may contact you via your e-mail on file according to your account settings. If you continue to receive information from a Partner after you declined it by changing the appropriate communication setting, it is likely that the Partner did not register your request. In this case you should contact the Partner directly or alternatively contact [email protected] who will then execute your request.

Data Processor and/or its Partners may for example contact you

  • To notify you about gr8pi.com changes or updates, and to respond to your requests, inquiries etc.
  • For internal operations like troubleshooting, data analytics, testing, statistics, surveys etc.
  • For business and research purposes, and to enhance/develop gr8pi.com, products and services.
  • For other matters if accepted by you according to your account settings.

Please note that if you decline all communication from Data Processor and/or its Partners you may still receive relevant information in relation to Your Data, and your usage of gr8pi.com. However, if you request a full deletion, you will no longer receive any kind of communication from Data Processor or its Partners once it has been executed.

12. Cookies

A cookie is a small piece of software/data sent from gr8pi.com and stored in your browser/computer. Cookies are used for communicating, among other things, your browser activities. At your own discretion you can delete and/or disable cookies in your browser. Please note that doing so may limit your online experience or even prevent you from using gr8pi.com and/or its services.

Technical cookies – but not tracking cookies - are used by gr8pi.com as they are necessary to provide full functionality of gr8pi.com and its services. When you use gr8pi.com you accept the use of cookies and the gathering and usage of information collected by such cookies. Please click here for a complete overview of the cookies used by gr8pi.com.

13. Third-Parties

Gr8pi.com may contain links to, and/or provide products, services and/or functionality from, other systems or providers controlled, owned and/or operated by Third-Parties. Data Processor and Data Controller have no liability whatsoever for matters regarding such Third-Party systems, products, services and/or functionality. You acknowledge that the Terms of Use, Privacy Policy etc. of such Third-Parties govern the use of such Third-Party systems, or providers. Links or referrals to any Third-Party do not constitute an endorsement by Data Processor or Data Controller of such systems, their content or providers. You access any Third-Party web site or provider entirely at your own risk.

14. Changing the Privacy Policy

Data Processor reserves the right to amend or change this Privacy Policy at any time without notice. The Privacy Policy in force at any time is available before and after you enter any data using gr8pi.com.

15. Liability

All and any direct or indirect liability resulting directly or indirectly from the Data Controller's use of your Results, are waived by Data Processor.

16. Questions or concerns

If you have any questions or concerns regarding this Privacy Policy, please direct your enquiry to your local Data Processor Data Protection Officer found at www.greatpeopleinside.com/contact or to [email protected].

COOKIES OVERVIEW 

| ORIGIN | NAME | TYPE | LIFESPAN | DETAILS |
|---|---|---|---|---|
| Data Processor | SESSSION | First-party | Session | End of browser session |
| Google Analytics | _ga | Third-party | Persistent | 2 years |
| Google Analytics | _utma | Third-party | Persistent | 2 years from set/update |
| Google Analytics | _utmt | Third-party | Persistent | 10 minutes |
| Google Analytics | _utmb | Third-party | Persistent | 30 minutes from set/update |
| Google Analytics | _utmc | Third-party | Persistent | End of browser session |
| Google Analytics | _utmz | Third-party | Persistent | 6 months from set/update |
| Google Analytics | _utmv | Third-party | Persistent | 2 years from set/update |
| TrackJS | TrackJS | Third-party | Session | End of browser session |