When you participate in the EXIN competency assessment (hereinafter referred to as ‘competency assessment’), EXIN may need to process your personal data. This privacy statement illustrates how EXIN processes your personal data, what measures have been taken to protect your personal data, and what rights you have under the General Data Protection Regulation (‘GDPR’).
The objective of the competency assessment is to provide guidance to companies and individual professionals regarding the skills and competencies of the person who takes the competency assessment (‘you’). By taking the competency assessment, EXIN independently assesses and validates your competencies.
There are three ways, which are referred to as ‘user stories’, to take part in the competency assessment:
This privacy statement will elaborate on each option in case there are differences between the three options.
The personal data EXIN processes depends on the applicable user story.
When you go to the EXIN website and click on the link to take the competency assessment, participation in the competency assessment is anonymous. Only the following data is required to fill in:
After finishing the competency assessment, your results will be shown in an overview screen. In addition, potential profiles and a gap analysis will be provided based on your results.
You cannot retrieve your results in case you do not create an account. When you choose not to create an EXIN account after receiving your results, the following data will be logged:
In case you choose to create an account, your results will be saved within your account. By creating an account, your participation in the competency assessment will no longer be anonymous. The following personal data is processed for creating an account:
To invite people to take the competency assessment, a team manager creates an account. The following data is processed of the team manager when an EXIN account is created:
A team manager fills in the following personal data to invite you to take the competency assessment:
When more than five people that were invited by the same team manager have completed the competency assessment, the team manager can see a group report. The team manager cannot see your individual results.
In case you choose to create an account, your results will also be saved within your account. The following data is additionally processed for creating an account:
For each accredited EXIN partner, multiple professional consultants can have an account to invite people to take the competency assessment. EXIN creates these user accounts (‘professional accounts’) based on the data the EXIN accredited partner provides to EXIN. For creating these professional accounts, the accredited EXIN partners provides EXIN with the following data of its professional consultant:
In order to invite you to take the assessment, the professional consultant provides EXIN with the following data from you:
Regardless of whether you create an account or not, the professional consultant can see your individual assessment results after you complete the competency assessment.
For user stories 1 and 2, EXIN is controller for all the processing of personal data. EXIN is responsible for the correct handling of your personal data.
For user story 3, EXIN is controller regarding your account data. The EXIN accredited partner is controller and EXIN is processor for assessment data. EXIN has entered into an appropriate agreement with the EXIN accredited partner for this processing.
For the hosting of the EXIN platform, EXIN has engaged a processor. With this processor a processing agreement has been concluded.
EXIN does not share your personal data with any other third parties.
EXIN processes personal data so you can complete the competency assessment and you (and possibly the team manager or professional consultant) gain insight into your (aggregated) assessment results.
Additionally, the personal data may be used for data analysis and reporting by EXIN on an aggregated level on an anonymous basis.
In both user stories 1 and 2, the legal base for processing personal data is the consent you give when you create an account. Before you enter personal data, you have to actively tick the ‘consent box’. EXIN stores the consent you have given and you may withdraw your consent at any moment. Consent is also the legal base for creating an individual account in user story 3.
As the EXIN accredited partner is the controller for the assessment data in user story 3, the EXIN accredited partner is responsible for providing a legal base for the processing. For example, the EXIN-accredited partner is required to have a legal base for the transfer of your personal data to EXIN to send you an invitation to take the competency assessment.
In case you receive an invitation to take the competency assessment, but you choose not to react to this invitation, your e-mail address will be deleted automatically after 6 months.
Both account data and assessment results will be stored up to 3 years. If you choose to delete your account, your individual competency assessment results may remain visible in case you were invited by a team manager (user story 2) or a professional consultant (user story 3).
EXIN is committed to protect your personal data. There are appropriate technical and organizational measures in place to protect your personal data to prevent any unauthorized access to or loss of your personal data.
All processing of personal data takes place within the European Economic Area (‘EEA’).
There is no automated decision-making involved. When you complete the competency assessment, the EXIN tool automatically generates your assessment results. However, for automated individual decision-making to occur a legal effect needs to be (automatically) produced. As the assessment results will always be analyzed by a natural person (e.g., the professional consultant) the restrictions regarding automated individual decision-making do not apply to EXIN.
In case EXIN processes your personal data there are several rights you have in relation to your personal data, including:
For requests, questions or complaints please contact EXIN via firstname.lastname@example.org. EXIN will make a reasonable effort to comply with your request in case the request is consistent with professional standards and applicable law.
Please note that regarding the assessment data in user story 3, the EXIN accredited partner is responsible for any questions or requests you may have when exercising your GDPR rights.
This privacy statement may be subject to change. In case this privacy statement is amended, EXIN will post the updated privacy statement on www.exin.com, after which this privacy statement will be effective immediately. Last update: June 29th, 2022.
If you have any questions regarding this policy or the processing of your personal data, please contact us:
EXIN Holding B.V.
Attn. Privacy Office
Arthur van Schendelstraat 650
3511 MJ UTRECHT