PSI Privacy Shield Policy
PSI Services LLC (“PSI”) is committed to protecting the privacy of our clients’ personal information. This notice outlines our general policy and practices for implementing, at a minimum, the E.U.–U.S. and Swiss–U.S. Privacy Shield Principles (collectively “Privacy Shield”), including the type of information to which this notice applies, how we use personal information, and the choices individuals have regarding our use of, and their ability to access and correct, that personal information. If there is any conflict between the policies in this notice and the Privacy Shield Principles, then the Privacy Shield Principles will govern. This notice applies to all PSI entities (including, but not limited to, PSI Enterprises LLC, PSI Intermediate Holdings, LLC, PSI Services LLC, EB Jacobs LLC, PSI International Holdings Ltd, Assessment & Development Consultants Ltd, Education Group Holdings AG, PSI Services AG, EnlightKS AB, PSI Services Ltd, Computer Assisted Testing Services, LLC, Performance-Based Selection Ltd., PSI Services Inc., Performance Assessment Network, Inc., Institute for Personality and Ability Testing, Inc., IPAT Acquisition Ltd, IPAT Holdings Ltd, and Clover Ventures Limited).
E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
PSI recognizes that a number of countries have established strict protections regarding the handling of personal information, particularly the European Union and Switzerland, which have requirements to provide adequate protection for such personal information transferred outside of the E.U. and Switzerland. PSI complies with the Privacy Shield frameworks, and particularly, as agreed to between the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, regarding its collection, use, and retention of personal information from E.U. member countries. Specifically, PSI has certified that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability. To learn more about the Privacy Shield program, and to view PSI’s certification, please visit the Privacy Shield website at www.privacyshield.gov. As a Privacy Shield participant, we have agreed to abide by the investigatory and enforcement powers of the U.S. Federal Trade Commission or any other U.S. authorized statutory body.
This notice applies to all personal information we obtain through our provision of services. For purposes of this notice, “personal information” means, at a minimum, any information that:
- is transferred from the E.U. to the U.S.;
- is recorded in any form; and
- relates to an identified or identifiable natural person, who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
“Sensitive personal information” is a subcategory of personal information. Sensitive information is defined as personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information concerning sex life and sexual orientation, genetic data, or biometric data. Sensitive information also includes personal information received from a third party where the third party treats and identifies it as sensitive.
Privacy Shield Principles
We notify individuals about the personal information we collect from them, how we use it, and how to contact us with privacy concerns. We obtain personal information only as permitted by the Privacy Shield Principles or with the consent of the individual affected. Consent for personal information to be collected, used, and/or disclosed in certain ways may be required in order for an individual to obtain or use our services.
PSI is a data processor for its clients. Specifically, PSI provides testing solutions to corporations, federal and state government agencies, professional associations, certifying bodies and leading academic institutions that enable our clients to administer various assessment instruments to their current and prospective employees. The types of personal information that PSI may collect in order to provide its services include, but are not limited to: (1) name; (2) address; (3) email address; (4) telephone number; (5) financial and credit card information; (6) scoring, ranking, and assessment data; (7) psychometric test respondent data; (8) Photo ID and (9) and any other information generated from such personal information as a result of PSI providing its services.
We collect personal information for various purposes, which include, but are not limited to: (1) providing our products and services to our clients, such as online talent assessments, pre-employment testing, employee assessments, certification and regulatory testing, consulting services and furnishing personalized computer-generated reports from completion of our psychometric instrument questionnaires; (2) generating research and statistical data related to the information collected through our products and services; (3) communicating with our clients regarding the administration of our service contracts with them; (4) marketing our products and services to prospective and current clients in accordance with their marketing preferences; and (5) soliciting feedback from clients regarding our products and services.
To the extent permitted under the Privacy Shield, PSI reserves the right to process personal information in the course of providing services to our clients in a manner consistent with the purposes for which the information is collected, and without the knowledge of individuals involved.
When required by the Privacy Shield, we offer individuals the opportunity to opt out of disclosures of personal information to a third party or the use of personal information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual.
We will comply with the Privacy Shield with respect to disclosures of Sensitive personal information, including, when applicable, obtaining the explicit consent (i.e., opt-in consent) of the individual prior to disclosing Sensitive personal information to a third party or using Sensitive personal information for purposes that are different from those for which it was originally collected or subsequently authorized by the individual.
Accountability for Onward Transfers
PSI is potentially liable in cases of onward transfers of personal information to third parties, such as when third parties that act as agents on our behalf process personal information in a manner inconsistent with the Privacy Shield Principles. We will ensure that any third party to which PSI discloses personal information provides the same level of privacy protection as is required by the Privacy Shield principles and agrees in writing to provide an adequate level of privacy protection.
We may transfer personal information to third-party agents, or service providers, who perform functions on our behalf, such suppliers and licensors that process, store or archive data on our behalf, vendors for customer relationship management, vendors that provide services for us, and vendors that process payments and otherwise facilitate e-commerce. We enter into written agreements with those third-party agents and service providers requiring them to provide the same level of protection the Privacy Shield requires and limiting their use of the personal information to the specified services provided on our behalf.
Under some circumstances, we may be required to disclose personal information when necessary to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Data Security and Integrity
We employ administrative, technical, and physical safeguards, including education and training of our employees, designed to provide the personal information in our possession with reasonable protection to safeguard against loss, misuse, unauthorized access, disclosure, alteration, or destruction. Personal information we collect or display through a website is protected in transit by industry standard encryption processes. However, we cannot guarantee the security of personal information accessible on or transmitted via the Internet.
We process personal information in ways compatible with the purpose for which the personal information was collected, or as otherwise authorized by the individual. To the extent necessary for such purposes, we take reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.
You have the right to obtain our confirmation of whether PSI maintains personal information relating to you. Subject to ID verification checks and other reasonably necessary verification steps, we will provide you with reasonable access to the personal information PSI maintains about you upon your request and within a reasonable time period. PSI may require additional information it deems necessary about you to confirm your identity; such information may include a passport, a driver’s license, birth certificate information, etc., along with other forms of proof of address. If you become aware that personal information we maintain about you is inaccurate, or if you would like to update, delete, review your personal information, you may contact us using the contact information below. In addition, we may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive in the circumstances, or as otherwise permitted by the Privacy Shield. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have. In some circumstances, we may charge a reasonable fee, where warranted, for access to personal information.
Recourse, Enforcement, and Liability
We commit to internally resolving your complaints related to our privacy practices or our collection, use, or disclosure of personal information. We will respond to your complaint within forty-five (45) days of receipt. You may file a privacy complaint by contacting us at our contact information below.
We also agree to participate in independent dispute resolution with relevant data protection authorities (DPAs), particularly those related to the E.U. and Switzerland. We will cooperate with the DPAs to resolve any complaint brought under the Privacy Shield that is not resolved through our internal processes, and we agree to comply with the advice of the DPA related to our compliance with the Privacy Shield Principles.
Please note that if an individual’s complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
PSI may amend this Notice from time to time by posting a revised notice on this website, or a similar website that replaces this website. If we amend the Notice, the new Notice will apply to personal information previously collected only insofar as the rights of the individual affected are not reduced. PSI shall not be obligated to provide you individual notice of any updates to this Privacy Shield Notice. As long as PSI professes to adhere to the Privacy Shield Principles, we will not amend this Notice in a manner inconsistent with the Privacy Shield Principles.
Information Subject to Other Policies
We are committed to following the Privacy Shield Principles for personal information, as that term is defined herein. Other types of information we receive may be subject to policies that may differ in some respects from the policies set forth in this Notice.
PSI Data Protection Officer
611 N. Brand Blvd.
Glendale, CA 91203