Privacy Policy
POPIA-Aligned Data Protection Notice
How Psytech SA collects, uses, stores and protects your personal information — in line with the Protection of Personal Information Act (POPIA) and international data-protection best practice.
1. Introduction
The purpose of this Privacy Policy is to describe clearly what information Psytech SA collects about you when you engage with our assessment services, training, events, website and assessment platforms, how we use and process that data, who we may share it with, and how you can exercise your rights in relation to it.
Psytech SA complies with the Protection of Personal Information Act, 4 of 2013 (POPIA), which regulates the processing of personal information in South Africa. Where we process personal information of individuals located outside South Africa — including in the European Economic Area or the United Kingdom — we also aim to meet the equivalent obligations of the General Data Protection Regulation (GDPR) and comparable frameworks.
In line with POPIA, we process all personal information in accordance with the eight conditions for lawful processing:
- Accountability — we take responsibility for how we process your personal information.
- Processing limitation — we process information lawfully, in a minimally intrusive way, and on a clear legal basis.
- Purpose specification — we collect personal information for specific, explicitly defined and legitimate purposes.
- Further processing limitation — any further processing must be compatible with the original purpose.
- Information quality — we take reasonable steps to ensure personal information is accurate, complete and up to date.
- Openness — we are transparent about how and why we process your personal information.
- Security safeguards — we take appropriate, reasonable technical and organisational measures to protect personal information.
- Data subject participation — you have rights over your personal information, and we support you in exercising them.
2. The Information We Collect
Depending on the service you engage with, we may collect and process the following categories of personal information:
- Name and surname
- Contact details (email address and, where relevant, telephone number)
- Biographical information (sex, age or age range, level of education, ethnicity, first language, country of origin)
- Employment or occupational information
- Assessment responses and the results derived from them
- Facial images, where Facial Validation is used to support un-proctored, remotely administered assessments
- Technical information relating to your use of our websites and assessment platforms (for example, IP address, browser type and session information)
Where we process special personal information under POPIA (such as information relating to ethnicity or biometric data), we do so only where we have a clear legal basis, typically your consent or an explicit authorisation under Section 27 of POPIA.
3. How We Obtain Your Information & Why We Process It
We collect only the information necessary to deliver psychometric, skills, 360-degree and other online assessments — and to generate the reports our clients use to make informed people decisions. Your personal information typically reaches us in one of the following ways:
- Our client (for example, a prospective employer or training provider) supplies us with your details so that we can set up your personalised assessment invitation.
- You provide information directly, through a form before starting an assessment or exercise, or as part of your responses during the assessment.
- We capture assessment data automatically as you work through the assessment — for example, your responses to items, time taken and, where enabled, Facial Validation signals.
Where we specifically collect biographical information, we will ask for your consent. You can choose not to provide this information, and where a response is required a "Rather Not Say" option is always available.
Facial Validation is an optional, advanced add-on feature designed to enhance the security and validity of un-proctored, remotely administered assessments. It uses a combination of artificial intelligence (AI) and common hardware available to most end-users. Facial Validation is not the same as facial recognition — it is used to confirm the integrity of the assessment session, not to identify you against external databases.
We store and process your data in order to provide a service to our clients. Your data and responses may be used to:
- Identify you and your responses to the client who supplied your information to us.
- Generate reports describing your personality, abilities, skills or performance.
- Produce feedback reports for you summarising the information provided to the client.
- Support the improvement and validation of our assessments (typically in anonymised form).
Our clients may use these reports for selection, development or succession planning within their organisations. They are independently responsible for processing your personal information in line with their own obligations under POPIA and any other applicable data-protection laws.
Under POPIA, the lawful bases on which we rely for processing your personal information include:
- Your consent — given specifically and freely, typically at the point of data collection.
- Performance of a contract — where processing is necessary to deliver the assessment services requested by you or our client.
- Legitimate interests — where processing is necessary for our legitimate interests (or those of our client), balanced against your rights and freedoms.
- Legal obligation — where processing is required by law.
- Where applicable, the specific authorisations for processing special personal information under Section 27 of POPIA.
4. How We Store & Protect Your Information
Your personal information is stored securely. We take appropriate, reasonable technical and organisational security measures to protect it against loss, damage and unauthorised or unlawful access — in line with Section 19 of POPIA. These measures include, among others, access controls, encryption in transit, segregated environments, activity logging and ongoing staff training on responsible data handling.
We retain personal information only for as long as is necessary for the purpose for which it was collected, or as required by law. As a general rule, personal information associated with assessment data is anonymised after a period of 18 months, at our discretion, unless a longer retention period is agreed with our client or required by law.
Cross-border transfers. Some of our assessment platforms and service providers are hosted outside South Africa. Where personal information is transferred outside the Republic, we do so only on a basis permitted under Section 72 of POPIA — typically where the recipient is subject to a law, binding corporate rules or a binding agreement that provides an adequate level of protection substantially similar to POPIA.
5. Your Rights Under POPIA
As a data subject under POPIA you have the following rights:
- Right of access — you may request confirmation of whether we hold personal information about you and a copy of that information.
- Right to correction or deletion — you may request that we correct inaccurate or incomplete information, or delete information that is no longer required for the purpose for which it was collected.
- Right to object — you may object, on reasonable grounds, to the processing of your personal information.
- Right to withdraw consent — where we process your personal information on the basis of consent, you may withdraw that consent at any time. This will not affect the lawfulness of processing carried out before the withdrawal.
- Right to data portability — where technically feasible and where required, you may request that certain personal information be transferred to another party.
- Right to lodge a complaint — you may complain to the Information Regulator of South Africa if you believe your information has been processed unlawfully.
You are not required to pay any charge for exercising your rights. We will respond to a request within the time periods required by POPIA, typically as soon as reasonably possible.
6. How to Contact Us
If you have any questions about this Privacy Policy, or if you would like to exercise any of your rights under POPIA, please contact us:
Psytech SA
156 Bram Fischer, 2nd Floor, Ferndale, Randburg, 2194
Email: info@psytech.co.za
Phone: 011 646 7010
7. How to Lodge a Complaint
If you have any concerns about how we have handled your personal information, please contact us first so we can try to resolve the matter.
If you remain unhappy, you have the right to lodge a complaint with the Information Regulator of South Africa:
The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
General enquiries: enquiries@inforegulator.org.za
POPIA complaints: POPIAComplaints@inforegulator.org.za
Website: inforegulator.org.za
8. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, in applicable law or in our data-handling practices. The effective date at the top of this page indicates when the current version took effect.
