Data Protection

Andrew M Sidebottom is registered under the Data Protection Act 1998, Registration Number ZA546153. The company also aims to comply with all legislation arising from the General Data Protection  Regulation (GDPR), effective from May 2018.

About the Data We Control

The data that we control is principally in the form of test results arising from psychometric assessments taken by candidates. Typically, that data is ‘raw’, meaning that it requires some kind of processing for it to be meaningful.

Secure Data

The personal data collected as part of the assessment process is minimal. By necessity, we require the name and gender of the candidate (see below: ‘How We Identify Candidates’). We also require the email address of candidates in order to communicate with them and issue administration instructions.

Some online systems require the candidate’s email address as a means of ensuring system security (ie: username with a password set by the candidate).

Any other personal information which may be requested by systems, including age, occupation, educational background, etc. is optional. We do not collect wider personal / biographical data, such as ethnic origin, religion, Trade Union membership, marital status, etc.

The raw data from assessments is held on secure servers which are managed by third-party test publishers. We take all reasonable steps to ensure data protection. We only use test publishers of the highest professional standing, who also comply with Data Protection legislation and the regulations set out in GDPR.

Ultimately, the raw data from assessments is processed to generate meaningful appraisal reports for both clients and candidates.

How Data is Collected and Processed

Candidates are invited to complete one or more psychometric assessments, usually via an online platform but sometimes in a face-to-face setting. The data collected from assessments is held in a raw state until processing occurs. In the case of online assessment, data is held on secure servers by test publishers (our suppliers), who also meet the requirements of GDPR.

Upon processing, two meaningful reports are generated: One for the client and one for the candidate. In most cases, both reports are provided to the client and the client will pass along the candidate report to the candidate. During large-scale recruitment exercises, we may compile results into spreadsheet format for ease of reference by our client.

We do not disclose candidate information to any party other than in accordance with this privacy statement. Our clients are an authorized third party, therefore the transfer of test results to our client for evaluation is allowed. However, the collected and saved data are not submitted to any client other than those specified. This means that if candidates are required to complete the same test(s) for more than one client, a separate / different administration will be required for each individual client.

Special Notes Regarding Recruitment Consultants

We work with Recruitment Specialists (Employment agencies, etc.) in two distinct ways:

  • The Recruitment company is our actual client.
  • The Recruitment company is acting on behalf of our client.

1: When the Recruitment company is our actual client, assessment results are released to the Consultant directly, in accordance with this policy. The Recruitment company is required to comply with Data Protection legislation and GDPR regulations.

2: When the Recruitment company is acting on behalf of our clients, we will not release assessment results to the Recruitment Company. Reports will only be released to our clients.

Who Controls the Data?

  • Raw Data: We (Andrew M. Sidebottom) control both the raw test data and the personal data collected from the assessments.
  • Final Report / Spreadsheet Summary Results for the Client: Once the final report / spreadsheet has been compiled, it is owned and controlled by the client who requested and paid for the services. We retain a copy of the final report / spreadsheet for a period of time so that we can deal with any queries. Our advice to clients is that reports / spreadsheet results have a ‘shelf-life’ of no more than 12 months.
  • Final Report for the Candidate: This is jointly controlled by us (Andrew M. Sidebottom) and the client. This means that if for any reason the client does not pass along the candidate feedback report, we can provide it to the candidate directly. As above, reports are considered to have a time-limited validity of around 12 months.

How we Identify Candidates

When generating final reports for clients we use three pieces of information / personal data to identify Candidates:

  • Candidate Name (the Person undertaking the assessment)
  • Candidate Gender (which may be in the form of a title, such as ‘Mr’ or ‘Ms’)
  • Date of the Report

When generating summary spreadsheet results for clients, we typically use one piece of information / personal data to identify Candidates:

  • Candidate Name (the Person undertaking the assessment)

We may include gender and email address to help the client with identification of and communication with the candidate.

UNLESS THERE IS  A SPECIFIC REASON FOR DOING SO, NO OTHER CANDIDATE INFORMATION IS INCLUDED IN REPORTS / SPREADSHEETS. For example, we do NOT include: Date of birth, age, ethnic origin, residential address, CV, telephone number.

How we Identify Clients

When generating reports we use three pieces of information to identify Clients:

  • Client Name i (the Organisation requesting the assessment)
  • Client Name ii (the Actual Person to whom the report is issued)
  • Purpose of the Assessment (for example, the Position Applied For)

No other client information is included in the report.

The right to be informed / The right to object

Whenever a candidate undertakes an assessment, whether online or in a face-to-face setting, information is provided to the candidate relating to: General data protection; How the information is stored; How the information is used. Candidates are asked to give consent before proceeding to the actual assessment. If consent is not given, no assessment is presented and no data is collected.

Before any assessment takes place, candidates are advised, usually by the client, of the reason for the assessment (Examples are: For use in a selection assignment for a particular job role; as part of a professional development initiative; to support other development such as team building). This fulfils the principle of informed consent. Unless we have explicit, written consent from the candidate, we will not process data for reasons other than those given as part of the original assessment.

Candidates are entirely free to choose whether or not to take an assessment. If an objection occurs DURING an assessment (ie: after giving original consent but prior to completing the assessment), then the candidate can close the assessment and no processing will occur. If the objection occurs AFTER assessment (ie: once the assessment process is completed), candidates have a right to deletion.

The right of access; The right to rectification; The right to erase; The right to restrict processing.

Candidates have a right to contact us at any time following the assessment process regarding: Rights of access, rectification, erasure and restriction of processing. We will act promptly upon such requests and confirm our actions in writing.

Rights in relation to Automated Decision-Making

We do not operate any Automated Decision-Making Processes. Our assessments are offered to clients as part of their overall evaluation of the candidate.

Data Portability

The personal data collected as part of the assessment process is minimal. Upon request, we will work with test publishers to provide all personal data in a structured, commonly used, machine-readable and interoperable format.

Additional Notes

This page was last updated on  9th March 2020


For ALL enquiries or additional information relating to Data Protection, please contact:

Andrew Sidebottom –  / 07702 552086

or write to us at:

Data Protection, Andrew M. Sidebottom, 5 Northgate, Cottingham, HU16 4HL