Data Protection Statement

The Myers-Briggs Company Limited is a UK company with UK and continental European branch offices (The Myers-Briggs Company - France, The Myers-Briggs Company - Netherlands and The Myers-Briggs Company - Germany). We have a parent company, The Myers-Briggs Company, in the US. We offer assessment tools and training to HR specialists, professional psychologists and other talent development practitioners. We work directly, or through international partners, with numerous multinational corporations and public sector bodies globally.

Under data protection legislation every individual has rights as to how their personal data is handled and we recognise the need to treat all such data in an appropriate and lawful manner, according to the nature and classification of such data. We are committed to complying with current legislation including the General Data Protection Regulation (EU) 2016/ 679 (GDPR), together with any applicable, enacting, successor or amending legislation.  The GDPR has strengthened the rights that individuals have regarding their personal data and seeks to unify data protection laws across the European Union, governing the rights of EU citizen data subjects, regardless of where their data is processed or stored.

Our Approach to Data Protection and Privacy.  We and our associated group companies, including our parent company in the US, are committed to global GDPR compliance, providing robust privacy and security protections which have been built into our services and contracts. We apply a layered approach to data protection and privacy, including our public Privacy Policy and privacy notices at various data collection points in our operations and systems, together with options for customers and other third parties to Manage your Marketing Preferences and Manage your Cookie Preferences.

Data Protection Principles.  We adhere to the following data protection principles:

  • lawfulness, fairness and transparency – personal data shall be processed lawfully, fairly and in a transparent way
  • purpose limitation - personal data shall be collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • data minimisation - personal data shall be relevant to the purposes we have told you about and limited only to those purposes
  • accuracy - personal data shall be accurate and kept up to date
  • storage limitation - personal data shall be kept only as long as necessary for the purposes we have told you about
  • integrity and confidentiality - personal data shall be kept securely, using appropriate technical and organisation measures.


Privacy Policies and Notices.  Our public Privacy Policy sets out how we handle data including how we collect, store and use personal data and special category data (previously known as sensitive personal data), our legal bases for processing personal data, information on transfers to third parties and outside the European Economic Area (EEA), as well as the rights of data subjects, including the right to withdraw consent. Our privacy notices include information, and consents where applicable, at the relevant data collection point, and signpost to our Privacy Policy.

Technical and Organisational Measures.  Our internal policies and procedures, including our Data Protection Policy and Data Retention and Destruction Policy, explain how our officers, employees and consultants shall operate in respect of handling of personal data, special category data and other data protection matters, including collection, storage, processing and destruction of such data.  These internal policies and procedures set out the technical and organisational measures that we take in order to prevent unauthorised and unlawful processing, accidental loss or destruction or damage to personal data that we hold on behalf of our customers and others.  We expect all our officers, employees and consultants to comply with all applicable data protection policies and procedures in all aspects of their day-to-day work.

In our role as a data controller, we are responsible for implementing appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with GDPR. Our data controller obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimisation, and accuracy, as well as fulfilling data subjects’ rights with respect to their data, together with only using data processors that operate in such a manner that their data processing will also meet the requirements of GDPR. 


We enter into contractual agreements with our processors, including EU standard contractual clauses (model contracts) where applicable, including a model contract with our parent company, The Myers-Briggs Company based in the US, and complying with the EU-US Privacy Shield Framework and Swiss-EU Privacy Shield Framework governed by the US Department of Commerce and has certified that it adheres to the Privacy Shield Principles. 


In our role as a data processor, we are responsible for implementing appropriate technical and organisational measures to meet the requirements of GDPR, ensuring a level of information security appropriate to the risk, and acting in accordance with the relevant data controller’s instructions.  We enter into contractual agreements as appropriate with the applicable data controller, and also with sub-processors, to provide sufficient representations to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of GDPR.


Data Protection Officer and reporting of concerns.  If you have any questions about our stance on data protection matters generally or how we process personal data, please refer to our Privacy Policy. 


The Myers-Briggs Company’s Data Protection Officer (DPO) is a member of The Myers-Briggs Company Limited’s Board of Directors and is responsible for ensuring and monitoring compliance with data protection requirements, including GDPR. Our DPO should be contacted in the first instance in relation to any data protection concerns.  Our DPO is supported by a multi-functional data protection team. 


We and our group companies, including our parent company in the US, are fully committed to ensuring that we act in accordance with data protections laws as applicable, including GDPR, and will take seriously any data protection concerns you raise with us.

 

Data Protection Officer
The Myers-Briggs Company Limited
Elsfield Hall
15-17 Elsfield Way
Oxford OX2 8EP
T: + 44 1865 404500
E: dpo@themyersbriggs.com 
May 2018