CONSENT TO THE PROCESSING OF PERSONAL DATA
European Regulation (EU) 679/2016 (General Data Protection Regulation, GDPR)
GUIDANCE FOR REQUESTING CONSENT.
European Regulation (EU) 679/2016 (General Data Protection Regulation, GDPR) introduced rules for the protection of natural persons with regard to the processing of personal data.
OriginalSkills Srl, VAT no. 02477180513, registered office in Loc. Vallone C. S. Ossaia, 39/b, 52044, Cortona (Ar.), IT (hereinafter “OriginalSkills”), which provides assessment services for businesses and individuals of different ages and employment status (students, workers, citizens in general), has upgraded the level of security applied to the processing of the data provided. To deliver its assessment services, OriginalSkills processes data both on its own behalf and on behalf of third-party entities (companies, recruitment firms, employment agencies, schools, universities, etc.).
To learn how OriginalSkills processes the data you provide: see sections 2.1, 2.1.1, and 2.2 of this notice.
To learn how Third-Party Entities process the data you provide overall: see section 2.4 below and the additional information those Third-Party Entities have provided to you directly.
To learn how to exercise your rights under the GDPR: read section 8 of this notice. At the end of the reading, you can give or withhold consent to data processing as indicated in section 9.
- INTRODUCTION.
- INFORMATION COLLECTED BY ORIGINALSKILLS AND BY THIRD-PARTY ENTITIES
- DATA RETENTION FOR SPECIAL PURPOSES.
- SECURITY AND RISKS.
- SERVICES FOR PERSONS UNDER 18.
- CHANGES TO THE PRIVACY POLICY.
- RESPONSIBILITY FOR DATA PROCESSING.
- RIGHTS.
- REQUEST FOR CONSENT TO THIS NOTICE.
- INTRODUCTION
European Regulation (EU) 679/2016 (General Data Protection Regulation, GDPR) introduced rules for the protection of natural persons with regard to the processing of personal data. This privacy notice is adopted in implementation of that Regulation and applies to all products, services, websites and “apps” offered by the data controller that OriginalSkills provides through the “Originalskills” and “IntegrityView” software.
In this document, the software (Originalskills, IntegrityView), the websites (originalskills.com, skillview.info, studentsoftskills.com) and the “apps” are referred to as the “services” or “Originalskills.” Unless otherwise specified, assessment services are provided by OriginalSkills. Originalskills designs and curates scientific assessment content for professional and private contexts and uses the technology partner WebRatio Srl for the IT management of services aimed at companies and private individuals.
1.1. TYPES OF DATA PROCESSED IN PROVIDING THE SERVICES
The term “data” used in this Privacy Policy refers to any type of information that the user voluntarily provides in order to use the services. Whether these are responses provided via personal data forms, questionnaires, or data collected through embedded forms (including photos) on websites, these data belong to OriginalSkills Srl users.
The term “personal information,” or simply “information,” refers to users’ personal information collected through the databases of the software prepared by OriginalSkills Srl and processed by automated systems for contextualized assessment purposes (services for work, for school), personal development, and training.
Third-party entity. The data and information collected through the services are used directly by Third-Party Entities, clients of OriginalSkills Srl or its partners. Third-Party Entities include Companies (including consulting and recruitment firms; temporary staffing firms, employment agencies), Universities, Non-profit Entities, Schools, professionals, psychologists, partners, etc., that use Originalskills services to in turn deliver services to their own clients/users.
Each Third-Party Entity has direct access to processed assessment data and to the information of their clients/users through an account issued by Originalskills with encrypted passwords. Each Third-Party Entity is therefore responsible for processing the data resulting from algorithmic processing and the information that flows through Originalskills services.
Access to Third-Party Entity data. Given the nature of the professional service offered (assessment support in activities of selection, evaluation and development of people within companies), specialized Originalskills staff may access Third-Party Entity data only for reasons related to the technical and scientific consultancy specifically requested by them (training, evaluation, unclear cases).
Originalskills accounts and services for Third-Party Entities.
Originalskills may manage its own accounts and issue accounts in order to provide services to its clients (usually Third-Party Entities) and to private individuals.
On its own behalf, Originalskills may directly manage accounts to administer questionnaires and tests to private individuals, coaches, company employees, freelancers, job seekers, high-school students, university students, etc. This is both for scientific research purposes and for its own professional services.
The data and personal information collected by Originalskills are also used for scientific research and for optimizing the services provided.
- INFORMATION COLLECTED BY ORIGINALSKILLS AND BY THIRD-PARTY ENTITIES
Originalskills provides its own services to individuals who subscribe to the services and give consent to data processing (direct beneficiaries).
Through its services, OriginalSkills also issues accounts to Third-Party Entities that administer questionnaires and data collection forms to their candidates, users, respondents, and also direct beneficiaries.
Who the Third-Party Entities are
Anyone who holds an account within the Originalskills services (as noted, Originalskills, IntegrityView) and uses that account to administer questionnaires and data collection forms must include their own additional text for data processing.
Third-Party Entities may appoint OriginalSkills Srl as external data processor pursuant to Art. 28 of the GDPR.
Third-Party Entities may appoint internal collaborators who administer questionnaires and data collection forms. The passwords of such collaborators are also encrypted.
Who the Candidates are
Candidates/users/respondents are those who complete a questionnaire and the related personal data forms managed by an Originalskills service within activities such as recruitment and selection; evaluation; analysis of training gaps; school and university guidance, etc. Candidates provide data for specific purposes and the information and data they provide are kept to the minimum necessary to deliver the services. Additional information (including an attached CV) is at the discretion of candidates.
Who the direct beneficiaries of the services are (private individuals/professionals/workers/students)
They are those who agree to receive information, in the form of a report processed directly by specifically designed algorithms, about their personal characteristics and other information after completing questionnaires or forms that are automatically processed by the system. The information and data provided are first and last name, sex, and, occasionally, year of birth.
Candidates, users, respondents, direct beneficiaries are the “data subjects.”
Who the website visitors are
Those who visit one of the Originalskills websites simply out of curiosity or to obtain information about the services offered.
2.1. DATA AND INFORMATION COLLECTION
The data collected by the Originalskills and IntegrityView cloud services (and other connected services) are entered directly and voluntarily by candidates and direct beneficiaries in order to receive the requested services. For example, candidates who complete the Skill View® Questionnaire answer 120 items/questions that, according to international literature, are particularly suitable for describing people’s characteristics. Candidates therefore “self-assess” through a validated Questionnaire that is the same for everyone.
Processing of data for scientific purposes
The processing of the results of the “self-assessments” is carried out on the basis of specific automated statistical methods. Finally, statistical interpretation of the responses does not occur at the level of the single question, but of groups of questions aggregated by affinity with the parameter under investigation. For example, the level of initiative is derived by grouping all the questions that measure initiative itself and not on the basis of the response to a single specific question. The data contribute to defining the statistical norms of the test.
Response data are collected and then used to improve the statistical norms of the tests, as indicated by specialized literature in the field of psychometrics. The sex variable is important and statistically grounded for the correct provision of services. Other information (educational attainment, years of experience) is collected to better refine the average characteristics of profiles.
In any case, it is not possible to trace the individual questionnaire respondent from the data used for research analyses. OriginalSkills processes these data for the benefit of Third-Party Entities, which will see, in addition to the assessment data, all other information requested from candidates by those same Third-Party Entities.
2.1.1. Data necessary to provide the services
The data provided by the user for the provision of services cannot be anonymous. Such data are only those strictly necessary to provide the services (for example: first name, last name, age, sex, e-mail…).
Candidates/respondents/users who do not wish to provide their data explicitly waive the right to use Originalskills and Third-Party Entity services. In this case they must withhold consent to data processing.
2.1.2. Logging of browsing data
Through Google Analytics services, which use cookies and page tags, Originalskills collects information about the devices and browsers used by users of the services made available to them, for statistical purposes and to identify areas for improving application functionality.
The following data are stored:
App
Browser
Device
Navigation flow
For more information on the data collected by Google through Analytics services, please refer to: https://www.google.com/intl/it_ALL/analytics/learn/privacy.html.
2.1.3. E-mail marketing
E-mails sent by Originalskills or by operators using our services include systems for collecting information relating to the opening of messages and the hyperlinks within them. Such information, such as the number of users who opened the messages, is used for statistical purposes and to assess recipients’ interest in the subject of the message sent.
For sending this type of communication, Originalskills uses external systems such as Mailchimp, Weebly and other platforms available on the market. For more information on the privacy policies applied by these operators, please refer to their data processing rules. OriginalSkills provides data to these platforms only in the case of its own clients and other subjects who have explicitly agreed to be contacted for promotional or operational technical communications.
2.1.4. Cookies
For information on the use of cookies, please refer to the dedicated section on the website, which must be configured by users.
2.2. DATA RETENTION
It is up to candidates or service beneficiaries to report any personal or curriculum inaccuracies so that Third-Party Entities or Originalskills can correct them. The Originalskills database collects only information and responses to questionnaires.
This database uses proprietary algorithms to process the responses provided to the questionnaires.
The responses to questionnaires or other forms provided by candidates/users/respondents are used by Originalskills for scientific research and statistical purposes, including in the interest of those who use the services and of the professional and scientific community that uses certified systems for personnel evaluation. Data are processed so as to ensure adequate security in their processing. Data retained for scientific research may not in any way be used for other purposes, including commercial ones. Naturally, data deleted by Originalskills in its own accounts or by Third-Party Entities are automatically deleted also from the database used for scientific research. Data used before their deletion will, however, have been used for statistical norms. They form part of the anonymous reference sample for the norms (see 2.1).
2.2.1. Retention of data by Third-Party Entities
Data and information collected by Third-Party Entities through their accounts are retained by them taking into account their privacy policies, in terms of proportionality and necessity. Originalskills provides, on behalf of its own clients and direct beneficiaries, and makes available to each Third-Party Entity, features to view the start date of data processing, with related consent, data updates, and deletion of data no longer necessary for the processing purposes envisaged by the service.
2.3. THIRD-PARTY ENTITY ACCOUNT INFORMATION AND PAYMENT MANAGEMENT
Before being able to use Originalskills services, Third-Party Entities must request an account. When an account is registered, the Third-Party Entity’s data and the e-mail address voluntarily provided are collected.
2.3.1. Account settings.
By setting up the account, you accept communication services (technical, service updates, marketing) between Originalskills and the account holder.
2.3.2. Payment services
Using certain payment and e-mail marketing services will also result in Originalskills collecting certain data: those who make a payment through the online services are asked to provide billing data, such as name, address, and e-mail address.
Other data requested by the operator that collects the amounts for the provision of services (for example, PayPal) are processed by the operator in charge of collection. Those who provide a physical billing address (including e-mail, including certified mail) implicitly accept that such address be considered the registered office of the account holder (Third-Party Entity) or the residence/domicile for billing purposes for beneficiaries.
2.4. ACCOUNT MANAGEMENT BY THE THIRD-PARTY ENTITY.
When a Third-Party Entity registers for the services, publicly available business information is requested by Originalskills for billing and communication purposes. Originalskills enables Third-Party Entities to independently manage the data and information provided to them by their candidates/users/respondents and direct beneficiaries and clients. Originalskills will not use such data for its own purposes, nor will it send e-mails to candidates and direct beneficiaries, unless expressly instructed otherwise or for information of specific interest to users, candidates, Third-Party Entities, etc.
2.4.1. Survey/form/requests/questionnaire data.
Originalskills provides automatic analysis tools (processing algorithms) for the benefit of the Third-Party Entity. Among these are recommendation tools for managing CVs, under the careful supervision of the Third-Party Entity’s staff.
It remains the responsibility of the latter to use the data and information collected in its account in compliance with the applicable rules on Privacy and regulations relating to Artificial Intelligence.
2.4.2. Third-Party Entities’ autonomous deletion of data.
Originalskills services offer various options to Third-Party Entities to delete data and information of their candidates and end beneficiaries.
2.4.3. Information shared by Originalskills with Third-Party Entities.
Originalskills does not share personal information and data of Third-Party Entities and end beneficiaries with external third parties. Originalskills services allow Third-Party Entities to share information with their other clients. Originalskills remains unrelated to the relationships between Third-Party Entities and their clients (public and private). Naturally, partners (Third-Party Entities) are required to ensure their clients comply with the rules flowing down from this regulation.
We remind you that Originalskills and IntegrityView allow Third-Party Entities and their administrators to share data and information with other members of their work team. Administrators of the issued account (Third-Party Entities with an account) will take care to issue usernames and passwords for access by their members.
Originalskills may send Third-Party Entities and end beneficiaries information relating to the services provided (changes to web addresses, system improvements, technical insights, scientific information, etc.), including regarding system-generated reports and the portability of these reports by end beneficiaries.
2.4.5. Certified partners
To provide services to the market, Originalskills relies on certified partners (who are treated like Third-Party Entities) also to facilitate consultancy for companies, universities, schools, end beneficiaries, etc. Certified partners attend courses to become such, and their data are kept by Originalskills in a register. Partners or Third-Party Entities must give prior consent to publish their data on Originalskills websites (e.g., logos and names of personnel who use the services).
2.4.6. Account closure and deletion
A Third-Party Entity that has purchased an account from Originalskills or from its authorized commercialization partner keeps it indefinitely until cancellation, which must be sent to Originalskills, including by e-mail. After receiving cancellation from the Third-Party Entity, Originalskills deletes the account and the data pertaining to it.
The account holder is responsible for the data and may autonomously control, according to its own privacy policies, the period of time for which data provided by candidates/users/respondents and direct beneficiaries are retained.
The Third-Party Entity’s account offers options to delete data at the account level (all data in the account) and at the level of candidates/users/respondents and end beneficiaries.
- DATA RETENTION FOR SPECIAL PURPOSES
Data processed for the above-stated purposes and to provide services arising from contractual obligations may be retained for legal purposes or under orders issued by authorized authorities and supervisory and control bodies. Data of Third-Party Entities and end beneficiaries may be retained by Originalskills in order to:
- comply with applicable laws, regulations, legal proceedings or valid requests by government bodies;
- comply with requirements imposed by authorities, such as a possible investigation into potential violations;
- detect, prevent or otherwise address fraud, security or technical issues;
- safeguard the rights, property or safety of our users, the public, or Originalskills and/or as required or permitted by law.
- SECURITY AND RISKS
4.1. Application protection
Access to a Third-Party Entity’s account is permitted to the person in charge solely through the use of authentication credentials such as username and password.
The password is initially provided by Originalskills and can later be changed by the account’s responsible user through the dedicated change-password function.
All passwords are encrypted using a non-reversible algorithm; for OriginalSkills, only the account’s responsible user knows their password (to be changed after first issue).
The person in charge of the Originalskills account on behalf of the Third-Party Entity may create secondary accounts, with reduced access to features depending on the type of user, for which they can set account data and password. That password can be changed by the Third-Party Entity’s client user (who opens a secondary account) in the same manner described above.
4.2. System protection
The Originalskills platform resides on cloud servers based on Amazon services and managed by WebRatio technical staff, who periodically update the servers and technologies used in order to always ensure maximum security.
4.3. Access by scientific experts
Originalskills identifies, among the authors of the tests and researchers specifically appointed by OriginalSkills Srl, those authorized to access the data dashboard to optimize calculations, benchmarks, norms and to update statistics by country, language and professional categories. For this purpose only a username and password are issued.
4.3.1. Scientific support to Third-Party Entities
Authorized Originalskills staff, at the specific request of the Third-Party Entity, may access the Third-Party Entity’s account as system administrator, to provide support in using the service and interpreting the results of test processing.
4.3.2. Technical support
Authorized WebRatio technical staff, at the specific request of the Third-Party Entity, may access the Third-Party Entity’s account through a system administrator access procedure, for technical support and to identify problems encountered by the Third-Party Entity in using the system or for software updates due to errors.
4.4. Modification or loss of data
A candidate’s/user’s/respondent’s own data may contain errors (first/last name reversed, incorrect date of birth, wrong e-mail, etc.) that the Third-Party Entity or Originalskills can correct by accessing the system, but only after written instruction to that effect from the data subject.
4.5. Action plan in case of critical issues
In the event of a security issue, such as data theft from the system through exploitation of an unknown vulnerability, the intervention plan includes the following steps:
- identification of the problem by the WebRatio technical team;
- determination of the severity of the problem;
- notification of what happened to the interested entities (Authorities, involved Third-Party Entities);
- planning of the interventions needed to resolve the problem, also based on its severity;
- resolution of the problem in line with the plan;
- release of the updated version that resolves the identified issue;
- communication of the resolution of the problem to the relevant parties.
- SERVICES FOR PERSONS UNDER 18 (SCHOOLS, TRAINING ENTITIES)
Originalskills services may also have users/respondents under 18 years of age. These individuals use questionnaires specifically designed for their age, for school and work guidance and to learn about their own characteristics through tests designed and certified for such use. Originalskills enables schools and end beneficiaries (students) to benefit from self-assessment services for school, personal and professional guidance.
For interpreting questionnaire data and for access to OriginalSkills, the involvement of specialists in the school context and in teaching related to the development of Soft Skills is required.
Third-Party Entities that own such services (especially schools, training entities, etc.) must keep minors’ data in their own account solely for the purpose of providing self-assessment services. Such Entities must directly oversee the data they have acquired and will be responsible for deletion or retention in accordance with lawful purposes of their activities.
- CHANGES TO THE PRIVACY POLICY
From time to time Originalskills may make changes to this Privacy Policy. Changes made will be posted on this page. If a change materially alters how data are collected and processed, notices will be sent to active accounts.
- RESPONSIBILITY FOR DATA PROCESSING
All individual response data (candidates, company employees) are controlled by the Third-Party Entity. Originalskills may have its own accounts. Originalskills is the data controller for users, respondents and beneficiaries whose data are collected directly.
Originalskills is not responsible for data and information collected independently by Third-Party Entities.
- RIGHTS
Candidates/users/respondents and end beneficiaries (data subjects) who use the services of Originalskills, Third-Party Entities and Originalskills partners have the right to:
- be informed
- access
- rectification
- erasure
- restriction of processing
- notification
- data portability
- object
If they deem it necessary to protect their data and the information provided, candidates/users/respondents and end beneficiaries who have entered data both in Originalskills accounts and in those of a Third-Party Entity must write to the Third-Party Entity to exercise their rights, or report difficulties contacting the Third-Party Entity to info@originalskills.com. OriginalSkills Srl, even if not contractually bound, will make efforts with the Third-Party Entity to implement users’ requests.
We also remind you that Originalskills allows export of response data from the system in various formats, to then back them up or use them with other applications, always within the scope of the services.
8.1. Retention of Third-Party Entity data
Candidates/users/respondents and end beneficiaries should contact the Third-Party Entity to learn how long their responses and information will remain stored in the services used by that Third-Party Entity.
- REQUEST FOR CONSENT TO THIS NOTICE
The undersigned declares that they have read and understood that, in order to provide the Originalskills services, it is necessary to process data in the manner indicated in sections 1 to 8 of this notice.
The undersigned is aware that, in the absence of providing the data and information requested by the personal data forms, questionnaires and forms offered in this application and in the websites connected to it, Originalskills cannot provide the services indicated in this notice.
The undersigned freely gives consent in the manner indicated: