Privacy Policy - Collaborative Capability Self-Assessments

Privacy Policy (last update: 28th Jan 2014)

This Privacy Policy explains how information associated with Your use of capabilityassessments.com is handled:

Service security – technical measures taken to protect your information.
Financial information – the handling of credit card payments.
Confidential information – how private information can and can't be used.
Information about Your access and use of the Service – what "meta" information is collected and how it can and can't be used.

Please also read the Terms of Use:

They contain definitions (clause 1) referred-to in this Privacy Policy.
They make reference (clause 5) to this Privacy Policy.
Acceptance of them is taken to also confirm acceptance of this Privacy Policy.

Note that in the event of any conflict or disagreement between this Privacy Policy and the Terms of Use, the Terms of Use will take precedence.

1. Service security

a. Data storage and transmission

All Data and Personal Data is stored within a secure database at NIP's UK offices. If You access or input information from any country outside the UK, You consent to it being transferred from one country to the other (including via any intermediate country) as a function of transmission across the internet.

The Website through which the Service is provided has an SSL Certificate, so all Data and Personal Data transferred between You and the Service is encrypted. However, You are responsible for ensuring that Your browser supports the encryption security used in connection with the Service.

b. Service access

Access to the Service is only possible with a valid Login and NIP has implemented several additional defensive measures:

Any attempt to navigate directly to a page when not logged-in results in the login screen being presented.
Failed login attempts are logged – along with the originating IP address – to a file on the server, which is regularly monitored.
To mitigate against the risk of malicious attempts to guess a valid Login, the Service deliberately uses one error message, regardless of whether the username or password is incorrect (or both).
Attempts to manually alter URLs to gain access to other parts of the Service are prevented (as well as also being forbidden by clause 3b of the Terms of Use) and an error message presented.

c. Password security

Your password is hashed, not known to NIP, and cannot be retrieved by NIP.

d. Cookies

It is not possible for NIP to provide the Service to You without the use of cookies, which are small bits of data stored on the device(s) You use to access the Service and the Website.

Each cookie expires after a certain period of time, depending on what it is used by NIP for, i.e.:

To authenticate Your identity, such as confirming whether You are currently logged-in to the Service.
To improve the Service, by measuring Your usage and tracking referral data.

By using the Service and agreeing to this Privacy Policy, you expressly consent to the use of cookies as here described.

2. Financial information

NIP uses Sage Pay to collect/process transaction information.

Please see Sage Pay's Security Policy for further information.

3. Confidential Information

Both of The Parties will take all steps as shall from time to time be necessary to protect the Confidential Information of the other.

To provide you with the Service, You grant NIP (and permitted sub-contractors or agents) the rights to:

Use Personal Data in the creation of a Login for you to access the Service.
Use, copy, transmit, store, and back-up the Data and Personal Data for the purposes of enabling You to access and use the Service.
Access Personal Data and Data as part of regular management of the Service.
Use Personal Data to contact You (typically by email) in connection with Your use of the Service.

However, except as permitted or contemplated hereunder, neither You nor NIP (and permitted sub-contractors or agents) shall at any time, for any reason whatsoever, disclose to any third party (or permit the disclosure of to any third party) the other's Confidential Information, in whole or part.

This obligation of confidentiality shall not apply to any Confidential Information which shall have come into the public domain without fault on the part of either party or which is disclosed to either party or is known to or recorded by either party prior to it entering into the Agreement.

Otherwise, though, no disclosure shall be made to any third party (other than to permitted sub-contractors or agents) by one party of the other party's Confidential Information without that other party's explicit consent, except:

To any person having a legal right or duty to obtain or require such Confidential Information; or
To any professional adviser, or other third party to whom it is essential that such Confidential Information be disclosed in, or for the purpose of, any legal proceedings or arbitration involving either party to the Agreement, or for normal accounting purposes.

As detailed in clause 2b of the Terms of Use, cancellation of the Service – howsoever occasioned – may result in NIP deleting Personal Data and Data after twenty-eight (28) days (although note that residual copies of Personal Data and Data may remain on offsite backup media for up to approximately twelve (12) months afterwards, or as required by law for accountancy purposes).

4. Information about Your access and use of the Service

As You access and use the Website and Service, various pieces of "meta" information are collected:

Information about how You access the Service, including (but not limited to):
- Your originating IP address (from which it may be possible to infer Your geographic location).
- The operating system and browser used.
Information about Your interaction with the Service, including (but not limited to):
The source that referred You (e.g. a link on a website or in an email).
Which pages You access and for how long.
When You perform actions (such as accessing and submitting an Assessment).

To collect this information, NIP uses a combination of (i) third party tracking services that employ cookies and page tags (e.g. Google Analytics), (ii) a web server log file that records each time a device accesses the Website and the Service, and (iii) a management interface to the Service.

NIP (and permitted sub-contractors or agents) uses such information as follows:

To manage the Service.
To better understand our customers' requirements and usage patterns, such that we can further develop the Service.
To contribute to aggregate statistics about the Service – e.g. numbers of users, average time taken to complete an Assessment, etc – which are only indirectly derived from Your use of the Service (along with other users of the Service) and that will never be presented to third parties in a way that can be used to identify You.