FAQs for candidates

You may have noticed that things are changing in the online world. From 25 May 2018, the new EU General Data Protection Regulation (GDPR) will be coming into effect across all member states (which still includes the UK).

We’ve also detailed below some of the most frequently asked questions to provide some detail about how we protect and use the data you provide us when undertaking a test or assessment online.

Is Thomas registered with the Information Commissioners Office?

Yes, Thomas is registered with the Information Commissioners Office (ICO) and our full details can be found on their register here.

What personal data does Thomas process?

To take an assessment or test, Thomas only require (as mandatory fields) the following:

  • Name
  • Email address
  • Gender
How does Thomas ensure my data is held securely?

We take security very seriously and make sure that our IT infrastructure protects our customer and candidate data.

We also ensure that as an organisation we have put in place training for our employees and implement policies to support data protection. At Thomas, we like to think that we treat your data as if it were our own and take the necessary steps to keep it safe.

Where is my data stored?

All candidate data for EU candidates (and for most of our global candidates) is stored in highly secure datacentres in London on our own dedicated servers. We also use the Cloud but ensure that all data stored in the Cloud remains within the European Economic Area (EEA).

Who has access to my personal data?

If you have undertaken a test for an employer, potential employer or educational establishment, then authorised users at such establishments would have access to your data.

Access to your data within Thomas is highly restricted to ensure that only those Thomas employees who need to see your data can.

Is my data used for research purposes?

Thomas will use some of your data for research and development to enhance and improve your experience as a candidate.

Our research and psychology teams are bound by the latest ethical guidelines and data protection laws.

Where feasible we will anonymise your personal information before conducting any research and only those individuals directly involved in the development and enhancements of our products will be given access.

We will only share aggregated, anonymised results of our research to third parties.

I’ve heard a lot about “new data subject rights”. What are these new rights and how do I exercise these?

The GDPR allows individuals to have more control and power over the data that we share and how this is used.

These enhanced rights include:

  • Right of access
  • Right to rectification
  • Right to erasure (or the “right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Automated individual decision making including profiling

Thomas’ clients are the organisations who will have asked you to undertake the assessments and act as the Data Controller.

Ultimately, as a data controller, they decide what data is being collected and how this is to be used. However, Thomas has responsibilities as the Data Processor to work with our clients to help candidates exercise any of their rights under the GDPR.

Should you require any assistance in exercising your rights and/or require access to any information, you can either contact the organisation who has requested you take the assessment. You can also contact Thomas at [email protected] and we’ll be happy to help!

Who should I contact if I have a query or concern about my data and how it is being used?

Should you have any queries and need our help, please contact our Data Protection Officer in the first instance at [email protected].

If you wish to escalate an issue or make a complaint, then you should contact the Information Commissioners Office (ICO). Full details of how to register a concern or make a complaint can be found at https://ico.org.uk/concerns/.