Data Protection Statement

The Myers-Briggs Company Limited is a UK company with UK and continental European branch offices (The Myers-Briggs Company - France, The Myers-Briggs Company - Netherlands and The Myers-Briggs Company - Germany) and other European operations. We have a parent company, The Myers-Briggs Company, in the US. We offer assessment tools and training to HR specialists, professional psychologists and other talent development practitioners. We work directly, or through international partners, with numerous multinational corporations and public sector bodies globally.

Under data protection legislation every individual has rights as to how their personal data is handled and we recognise the need to treat all such data in an appropriate and lawful manner, according to the nature and classification of such data.

We are committed to complying with current data protection legislation, including the UK Data Protection Act 2018 (UK DPA) and the General Data Protection Regulation (EU) 2016/679 (EU GDPR), together with any applicable, enacting, successor, supplementing or amending legislation. The UK DPA and EU GDPR strengthened the rights that individuals have regarding their personal data and seek to unify data protection laws across the UK and the European Union, governing the rights of UK and EU citizen data subjects, regardless of where their data is processed or stored. The UK Data Protection Act 2018 is the UK national data protection regime, ensuring the UK has its own comprehensive framework for data protection, with standards in accordance with GDPR.

Our Approach to Data Protection and Privacy.  We and our associated group companies, including our parent company, The Myers-Briggs Company in the US, are committed to global data protection and privacy compliance, providing robust privacy and security protections which have been built into our services and contracts.

We apply a layered approach to data protection and privacy, including our public Privacy Policy and privacy notices at various data collection points in our operations and systems, together with options for customers and other third parties to Manage your Marketing Preferences and Manage your Cookie Preferences.

Data Protection Principles.  We adhere to the following data protection principles:

  • lawfulness, fairness and transparency - personal data shall be processed lawfully, fairly and in a transparent way
  • purpose limitation - personal data shall be collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • data minimisation - personal data shall be relevant to the purposes we have told you about and limited only to those purposes
  • accuracy - personal data shall be accurate and kept up to date
  • storage limitation - personal data shall be kept only as long as necessary for the purposes we have told you about
  • integrity and confidentiality - personal data shall be kept securely, using appropriate technical and organisational measures.


Privacy Policies and Notices.  Our public Privacy Policy sets out how we handle data including how we collect, store and use personal data and special category data (previously known as sensitive personal data), our legal bases for processing personal data, information on transfers to third parties, including those of EU personal data internationally, as well as the rights of data subjects, including the right to withdraw consent. Our privacy notices include information, and consents where applicable, at the relevant data collection point, and signpost to our Privacy Policy.

Technical and Organisational Measures.  Our internal policies and procedures, including our Data Protection Policy and Data Retention and Destruction Policy, explain how our officers, employees and consultants shall operate in respect of handling of personal data, special category data and other data protection matters, including collection, storage, processing and destruction of such data.  These internal policies and procedures set out the technical and organisational measures that we take in order to prevent unauthorised and unlawful processing, accidental loss or destruction or damage to personal data that we hold on behalf of our customers and others.  We expect all our officers, employees and consultants to comply with all applicable data protection policies and procedures in all aspects of their day-to-day work.

In our role as a data controller, we are responsible for implementing appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with the UK DPA and EU GDPR. Our data controller obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimisation, and accuracy, as well as fulfilling data subjects’ rights with respect to their data, together with only using data processors that operate in such a manner that their data processing will also meet the requirements of the UK DPA and EU GDPR. 


We enter into contractual agreements with our processors, including data processing agreements and EU standard contractual clauses (model contracts) where applicable. These include model contracts with (i) our parent company, The Myers-Briggs Company, based in the US, and specifically in respect of data transfers from our European offices and operations and our European customers (direct or via our European offices), The Myers-Briggs Company Limited and each of our European branch and other offices in France, The Netherlands, Germany, Belgium and Ireland. 


In our role as a data processor, we are responsible for implementing appropriate technical and organisational measures to meet the requirements of the UK DPA and EU GDPR, ensuring a level of information security appropriate to the risk, and acting in accordance with the relevant data controller’s instructions.  We enter into contractual agreements as appropriate with the applicable data controller, and also with sub-processors, to provide sufficient representations to implement appropriate technical and organisational measures to ensure processing will meet the requirements of the UK DPA and EU GDPR.


Data Protection Officer and reporting of concerns.  If you have any questions about our stance on data protection matters generally or how we process personal data, please refer to our Privacy Policy. 


Our Data Protection Officer (DPO) is a member of the Board of Directors of The Myers-Briggs Company Limited and is responsible for ensuring and monitoring compliance with data protection requirements, including the UK DPA and the EU GDPR. Our DPO should be contacted in the first instance in relation to any data protection concerns. Our DPO is supported by a multi-functional data protection team. Our EU Representative for The Myers-Briggs Company Limited and The Myers-Briggs Company (US) in respect of data protection matters relating to EU personal data can be contacted at dleurep@themyersbriggs.com.


We and our group companies, including our parent company in the US, are fully committed to ensuring that we act in accordance with data protection laws as applicable, including the UK DPA and EU GDPR, and will take seriously any data protection concerns you raise with us.

 

Data Protection Officer
The Myers-Briggs Company Limited
Elsfield Hall
15-17 Elsfield Way
Oxford OX2 8EP
T: + 44 1865 404500
E: dpo@themyersbriggs.com
December 2020