last updated 21st February 2024
This document contains information about the personal information we collect and use when you browse our Website and take our tests and the purposes for which we use such information. It also sets outs your rights in relation to your personal information.
Under data protection laws, we need to disclose the details of the entity responsible for your personal information. YourFreeCareerTest is owned and operated by Wordphrase Limited, which is your data controller. Wordphrase Limited is a private limited company registered in England and Wales under company number 10682319.
Our contact details are:
- our registered office at Suite 110, 82 James Carter Road, Mildenhall, Suffolk, IP28 7DE, United Kingdom
- e-mail: email@example.com
WHAT PERSONAL DATA DO WE PROCESS AND HOW DO WE COLLECT IT
What counts as personal information or personal data? Personal data is any information from which a person (a data subject) can be identified or potentially identified from. It does not include data where the identity has been removed (anonymous data).
We do not require you to share any personal data of yourself when you take a test on our Website.
When you browse our Website, we may collect, use and store some information about how you use our Website through the use of technologies such as cookies. This information includes your IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Website. Collectively, we refer to such information as “Technical Data”. Please refer to our Cookie Notice for more information about this.
When you communicate with us via email, you may give us some personal data directly. In that case, we may process your email address, your name, and any other personal information you provide us with.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate data about how you use our Website to calculate the percentage of users accessing a specific feature or section of our Website. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy statement.
SPECIAL CATEGORIES OF PERSONAL DATA
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
THE LAWFUL BASES WE RELY ON WHEN WE PROCESS YOUR PERSONAL DATA
We can only process your personal data when we have a lawful basis to do so. We rely on one of the following lawful bases when we process the personal data set out above:
- consent: generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending direct marketing communications to you via e-mail. You have the right to withdraw consent to receive marketing materials at any time by contacting us;
- performance of a contract: processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;
- compliance with a legal obligation: processing your personal data where it is necessary for compliance with a legal obligation that we are subject to;
- our legitimate interest: the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
THE PURPOSES WE USE YOUR PERSONAL DATA FOR
Why do we need personal data from you and what’s the purpose of processing such data? In the table below we have set out the purposes we use your personal data for and on which lawful basis we rely to do so.
|CATEGORIES OF DATA
|LAWFUL BASIS FOR PROCESSING INCLUDING BASIS OF LEGITIMATE INTEREST
|To communicate with you in the event of any queries and problems you encounter and to answer those queries and solve those problems
|Email address and name
|To administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data, reduce pageloads and improvement of overall performance)
|(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and other criminal activity that could be damaging to both you and us, and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
|Necessary for our legitimate interests (to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy)
MARKETING COMMUNICATIONS FROM US AND THIRD PARTIES
We may provide you with an option to leave your email address in order to receive our marketing communications.
In the event we do so, we will get your express opt-in consent before we serve you with our marketing communications and before we share your personal data with any third party for marketing purposes. You can always withdraw your consent by following the unsubscribe link in each marketing communication sent.
Please note that if you receive our marketing communications, tracking pixels may be included in our communications in order to gather data about the effectiveness of our marketing communications.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
DO NOT SELL OR SHARE MY PERSONAL INFORMATION (CALIFORNIA RESIDENTS)
Under the California Consumer Privacy Act (CCPA), visitors of our Website who are residents of California, USA, have the right to opt-out of the sale of personal information about them. You don’t need to be physically present in California in order to exercise this right, as long as you have a current residence in California.
We may share some of your personal information with third parties, which sharing may be considered a sale under the CCPA. Such personal information is for example your IP-address, device information or browsing behaviour which is shared with third party advertisers for the purpose of serving interest-based advertising.
You can exercise your right to opt-out by clicking on the following link and fill out and submit the online form provided: do not sell or share my personal information. You can also exercise your right by sending us an email at firstname.lastname@example.org with the information mentioned when you click the above link.
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by contacting us.
SHARING YOUR PERSONAL DATA
We work with third-party service providers who, on our behalf and at our instruction, process certain personal data from you. The processing of your personal data by those service providers is subject to data processing agreements or standard contractual clauses to ensure that the required level of protection of your personal data is safeguarded. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We share personal data with the following service providers:
- Google Drive, Dropbox, Wp Engine, and Backblaze, providing off-site back-up storage service for our Website
- Cloudflare, providing a content delivery network service
- Convertkit, providing services to serve subscribers with marketing communications
- Vimeo, for video hosting.
- our bookkeeping service provider and our accountant
We also use Google Analytics, which is a service we use to analyze the use of our Website by our visitors. Google Analytics places cookies on our Website in order to gather certain information from you when you access and browse our Website. Such information may include your IP address. However, we have implemented the IP anonymization feature so that your IP address is shortened and cannot be traced back to you. We also do not allow Google to share your data for any other purpose within their organisation. Please also refer to our Cookie Notice for more information about the cookies set for analytics purposes.
Some of the third-party service providers set out above may be based outside of, or may process personal information outside the UK or the European Economic Area (EEA). That means that certain personal data may be transferred outside of the UK or the EEA, which is only allowed if an adequate level of protection of personal information can be guaranteed. We have entered into data processing agreements with our service providers including standard contractual clauses approved by the authorities in the UK and the EU, in oder to ensure the required level of protection is guaranteed.
We may also share your personal information with law enforcement or similar authorities if required by applicable law.
We have put appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those within our business who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
HOW LONG WE HOLD YOUR PERSONAL DATA
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your data: see Your Rights below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Data protection laws give you a set of rights you can enforce against us for free. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. If you wish to exercise any of the below rights, please let us know your request by e-mail.
You have the right to:
- fair processing of information and transparency over how we use your use personal information;
- access to your personal information and to certain other supplementary information;
- require us to correct any mistakes in your information which we hold;
- require the erasure of personal information concerning you in certain situations;
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
- object at any time to processing of personal information concerning you for direct marketing;
- object in certain other situations to our continued processing of your personal information;
- otherwise restrict our processing of your personal information in certain circumstances.
As a security measure and to avoid misuse of your personal information we may ask you to confirm your identity. We can only process requests from data subjects about their own data. We will get back to you about your request within one month after we received it.
Residents of the EU and the UK also have the right to lodge a complaint with a supervisory authority, in particular in the UK or in a European Economic Area state if you work, normally live or if any alleged infringement of data protection laws occurred in that relevant state. In the UK, the supervising authority is the Information Commissioner (www.ico.org.uk).
CHANGES TO THIS POLICY