Neumen BV (herein referred to as “Neumen”, “us”, “we”, “our”) provides assessment and talent management solutions (“Services”) and products (“Products”) to a range of private and public sector organizations.
Neumen takes its obligation to protect your privacy and personal information very seriously. Most of the Services that Neumen offers are provided to organizations
By visiting our Site, or using any of our Services, you agree that your Personal Data will be handled as described in this Policy unless agreed upon otherwise in your contract with Neumen. If you do not agree to the terms in this Policy, you must not use our Sites. Your use of our Site or Services, and any dispute over privacy, is subject to this Policy and our Terms and Conditions, including its applicable limitations on damages and the resolution of disputes or any service-specific terms made available to you when you sign up for the Services. Our Terms and Conditions are incorporated by reference into this Policy. If you have any questions or complaints in relation to this Policy, you may contact our Data Protection Officer.
Information We Collect
Based on the Services provided to you or our Clients, we may process the following categories of Personal Data about you as necessary to provide such Services. You can obtain details of the specific categories of information collected by contacting us. Please
refer to the Your Legal Rights section below.
• Identity Information, including, but not limited to first and last name, address, phone number, date of birth, email address, nationality, state identification number, social security number, digital photographs, video, audio, signatures, and optionally, ethnicity.
• Contact Information, including, but not limited to email address, phone number, billing address and delivery address.
• Financial Information, including, but not limited to bank account and payment card details.
When strictly required for the purposes of providing the Services, we may also collect the following:
• Sensitive Information, including age, race, religion, creed, sex, gender identity and expression, sexual orientation, and criminal convictions and offences;
• Professional or Employment-related Licensure Information, including, but not limited to: license application information, license activity, license history, information relating to continuing education credits, public complaints, board actions taken against a licensee, or any public actions taken against a licensee by
regulatory boards or agencies (“Licensee Updates”).
• Transaction Information, including, but not limited to details about payments to and from you by us and other details about Products and Services you have purchased from us.
• Usage Information, including information about how you use our Site, Products and Services.
• Marketing and Communications Information, including your preferences in receiving marketing information from us and our third parties along with your communication preferences.
• Recruitment Data, including your curriculum vitae, information on references and other information you provide us during the recruitment process, and results of any reference cheques and background cheques conducted as part of the
• Assessment Data, including your responses to assessments and the resulting reports.
Purposes of Processing
We may use your Personal Data for one of the following activities:
• Provide Services to you and our Client as agreed in the contract;
• For recruitment purposes in cases where you have applied for a job with us;
• When you have opted-in, for marketing purposes;
• For internal analysis and research to help us improve our Products and Services;
• Keeping accounts and financial records related to any business or other activity carried on by us; and
• Sending relevant administrative information such as notices related to product, service, or policy changes.
Third Party Disclosures
We do not share your Personal Data with third parties for their own marketing purposes.
We may disclose your Personal Data internally and externally, with the Client, and other third parties as set forth below.
When we disclose Personal Data, the recipient is required to keep that Personal Data confidential, secure and process the Personal Data only for the specific purpose for which they are engaged:
• Clients: We share your information, including results of your assessment, job demographics, and other information about you with the Client who engaged us to provide the Services.
• Sub-Processors/Service Providers: We share information with our sub-processors, including other third-party providers who provide services to us.
• Law Enforcement/Public Authorities: We may be required to disclose information to public authorities, regulators, or governmental bodies, as required by the applicable law or regulation, under a code of practice or conduct, where necessary to facilitate any investigation, or where we believe that disclosure is appropriate to protect our rights and interests or the rights and interests of third parties.
• Corporate Transactions: If we are acquired by, or merge with another company, any of our assets are transferred to another company, or bankruptcy proceeding
ensues, we may transfer the information we have collected from you to the other party.
We have put in place various electronic safeguards and managerial processes designed to prevent unauthorized access or disclosure, maintain data integrity, and ensure the appropriate use of Personal Data. We maintain Personal Data, exam data, and Licensee Updates on secured computers and all Clients, exam candidates, and
employer accounts are password protected. No such security or safeguards are 100% effective, but we will take commercially reasonable efforts to employ security measures designed to protect the information. No Personal Data is knowingly disclosed to third parties except as described herein. Unfortunately, since data transmission over the internet cannot be completely secure, we cannot ensure or warrant the security of any
information transmitted to us.
We limit access to your Personal Data to those employees, agents, contractors, subprocessors and other third parties who have a business need to know. They will only
process your Personal Data on our instructions, and they are subject to a duty of confidentiality. We have procedures put in place to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Location and Retention
The location of the servers where your Personal Data is stored will be dependent on the specific Services provided by us to the Client and governed by the contract between us and the Client. Please refer to our list of sub-processors for further information on the locations where your Personal Data may be processed by our sub-processors. We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you or our Client. To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we
process your Personal Data, whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other retention
requirements. You have the right to request that we delete your information. Please see “Your Legal Rights” below for further information. Unless agreed otherwise, we may use your Personal Data after anonymization (so that it can no longer be identified as your information) for research or statistical purposes, in which case we may use this information for a reasonable period of time without further notice to you. We may also use your Personal Data as part of statistical, aggregated data for research purposes in a pseudonymized form, if approved by our Client.
We may share your Personal Data within Neumen for the purposes stated above. This may involve transferring your information outside the European Economic
Area (“EEA”). Whenever we transfer your Personal Data outside of the EEA, we ensure a similar degree of protection is afforded to it by implementing the following safeguards:
Legal Bases for Processing
We process your Personal Data in accordance with the contract with our Client and GDPR. Based on the specific circumstances, the legal basis for our processing is one
of the following:
• Performance of a Contract. We collect and process Personal Data for the purposes of the performance of a contract with you or our Client.
• Consent. In certain cases where required under the law, we process your Personal Data based on your specific and informed consent. For example, where you have
opted-in to receive our marketing information, we may use your information to send you news and newsletters, special offers, and promotions, or to otherwise contact you about Products or Services or information we think may interest you.
• Legitimate Interest. We process Personal Data where it is necessary for our legitimate interests (or those of a third party). This includes activities related to everyday business operations, such as invoice processing, business planning, and handling client service-related queries and complaints, and other activities such
• Legal Obligation. We process your Personal Data when we need to comply with a legal obligation, meet our on-going regulatory and compliance obligations,
including in relation to recording and monitoring communications, disclosures to tax authorities, financial service regulators and other regulatory and governmental bodies, and to investigate security incidents and prevent crime.
• Other bases. We may rely on other legal bases for processing as set out in the contract with the Client.
Your Legal Rights
Privacy Rights for Data Subjects in the European Union
The GDPR sets forth certain rights to EU residents. Neumen is committed to full compliance with the GDPR.
Under the GDPR, we are a data processor of a candidate’s Personal Data with respect to most Services provided to our Clients. Our Client or the relevant organization in the supply chain determines the purposes and means of the processing and is the data controller. The contract with our Client sets out our mandate to process your Personal Data in such instances. We may also act as data controllers in instances where we provide Services directly to you and where we determine the purposes and means of processing your Personal Data.
If you are a data subject under the GDPR, you have the following rights in relation to your Personal Data.
• Request access to your Personal Data
• Request correction of your Personal Data
• Request erasure of your Personal Data
• Object to processing of your Personal Data
• Request restriction of processing of your Personal Data
• Request transfer of your Personal Data
• Right to withdraw consent
To exercise any of these rights, please submit a request to us by emailing our Data Protection Officer through our Privacy Portal. In cases where we are a data processor,
we can only forward your request to our Client for instructions on how best to respond to your request. We encourage you to contact the data controller directly to exercise your rights.
Personal Data Sales Opt-Out and Opt-In
We may engage in marketing campaigns in order to introduce new products or services that may be of interest to our current or prospective Clients. Where required by applicable law, we will only engage in such marketing communications if the individual has opted into these communications. Individuals may opt-out of the processing of their Personal Data by exercising their right to withdraw consent and the right to object to the processing of their information. To opt-out of commercial emails, simply click the link labelled “unsubscribe” at the bottom of any email sent by us. Please note that even if you opt-out of commercial emails, we may still need to contact you with important transactional information about your account in order to fulfil a contractual obligation. For example, we will still send assessment confirmations and
reminders, information about center changes and closures, and information about assessment results even if commercial emails have been opted-out (or not opted-in).
Our Site may provide links to third-party websites. We have no control over third parties, and we assume no responsibility for the availability, content, accuracy or privacy
practices of other websites, services or goods that may be linked to, or advertised on, such third-party websites. We suggest that you review the privacy policies and the terms and conditions of the third-party websites to get a better understanding of what, why and how they collect and use any personally identifiable information.
We reserve the right to amend or change this Policy from time to time. We encourage you to visit and review this Policy periodically. We will post our revised Policy on our website and update the revision date below to reflect the date of the changes. By continuing to use our website after we post any such changes or updates, you accept the Policy as modified.