Privacy and Data Processing Agreement FAQs
If I am in the EU/EEA, can I safely transfer my data to the US?
Yes. The Standard Contractual Clauses (“SCCs”) are a valid mechanism for data transfer from the EU/EEA to the U.S., and we require them for all data transfers from the EU/EEA. The SCCs are incorporated into our Data Processing Agreement (“DPA”), linked below.
Because PI is headquartered in the United States, we may have a need to transfer your Personal Information from non-U.S. Respondents and other Users to the United States. We may also have a need to transfer your Personal Information (regardless of where you live) to other countries or places in which we or our customers, distributors, or subcontractors maintain offices or facilities. As part of the registration process to take a PI assessment, you are asked for your consent to our Services Privacy Policy and agree to allow us to transfer your information outside your home country and to process it inside the United States or elsewhere for the purposes stated in the Services Privacy Policy.
We do not collect information from children. PI assessments are not designed to be administered to anyone under the age of 18; therefore, we do not solicit or collect any type of information from anyone under the age of 18.
For further information about information collected from visitors to our website, please see our Website Privacy Policy here.
What about the UK?
PI’s DPA (found below) incorporates the SCCs and the International Data Transfer Addendum to the EU Commission SCCs for UK Personal Data (“UK Addendum”). If you are located in the UK, or have data subjects located in the UK, please sign the UK Addendum as well as the SCCs.
Where can I find PI’s DPA?
You may find a pre-signed version of PI’s DPA here.
Does PI belong to the Data Privacy Framework (“DPF”)? And if yes, can I rely upon that for my data transfer?
PI does belong to the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF. For more information on that, please refer to the Data Privacy Framework Policy.
While PI belongs to the DPF, we still require the SCCs to be entered into and act as the primary data transfer mechanism for data from the EU/EEA/UK to the US. There are already legal challenges to the DPF that make the SCCs the more reliable mechanism for data transfers at this time. PI will, however, maintain its DPF certification.
Does PI have a Data Protection Officer (DPO)?
No, PI does not have an in-house DPO. Under the GDPR, a company is only required to appoint a DPO if its core activities involve processing of sensitive data on a large scale or involve large scale, regular and systematic monitoring of individuals. PI’s processing does not fall into these categories and, as such, we do not have an in-house DPO. However, PI does utilize the European Data Protection Office (EDPO) to act as our Data Protection Representative in the EU.
With respect to certain US state laws and federal regulations that require organizations to appoint one or more employees to maintain their information security program, PI has a dedicated security team that is responsible for the maintenance of its information security program and that works to ensure the security of your Personal Information.
How does PI protect the security of my Personal Information?
PI maintains appropriate technical and organizational security measures designed to ensure the security of Personal Information (as defined in the Services Privacy Policy) and to protect such Personal Information from loss, misuse, unauthorized access, disclosure, alteration, or destruction. PI has a written data security policy that describes the policies and procedures by which we and our employees maintain data security.
However, despite all of our efforts, no security safeguards or standards are guaranteed to provide 100% security. Please protect your password information, unique PI assessment email invitation and its contents, and use caution when logging into your account from a shared or public computer.
What are “subprocessors”?
Subprocessors are third parties engaged by PI that help us provide our products and services to you, and in doing so, have access to your data. Our “Technical Subprocessors” help us with our technology infrastructure (such as our web servers and hosting providers), and our “Service Subprocessors” are members of the PI Partner network (and their subcontractors) that help us provide PI services to you. A complete list of our Technical Subprocessors may be found here: https://www.predictiveindex.com/privacy/subprocessors/
How can I change, update, or delete my Personal Information?
Respondents
If you are inquiring about information collected in connection with a PI assessment, please contact the company that requested that you take the assessment. PI is not a “controller” of the Personal Information of Respondents, and will pass any requests along to our Customers and will not respond to the request itself. We do not control or own assessment data and we handle it on behalf of our Customers as a data processor. We process assessment data governed by the written agreements in place with our Customers and to the extent necessary to comply with applicable law. To the extent instructed by our Customer and in accordance with our customer agreement and applicable law, we will assist a Customer in complying with Respondent data access requests by providing relevant information and support to the particular Customer to enable it to comply with the request.
Customers and Users
If you would like to have your user personal information deleted from our systems, please contact us at privacy@predictiveindex.com or contact your administrator.
Pursuant to Article 27 of Europe’s General Data Protection Regulation (GDPR), Predictive Index, LLC has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by sending an email to privacy@edpo.brussels, using EDPO’s online request form, or writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.
Wait, what if I have questions? Am I supposed to sign the DPA?
If you have any questions or concerns, shoot us an email to privacy@predictiveindex.com. If you are not the authorized person to sign for your company for these types of things, please forward to your legal department or Privacy Officer.
Contact Us
If you have any questions, comments or complaints about this Policy or the enforcement of this Policy, or would like to request access to your Personal Data, please contact us as follows:
Predictive Index, LLC
101 Station Drive
Westwood, MA 02090
ATTN: Privacy
Phone: 800-832-8884
Email: privacy@predictiveindex.com
If you are in the EEA, you also have the right to complain to the local data protection authority (DPA) within the EEA. You can find the details of your local DPA here.
Updated October 10, 2023