Privacy Policy for Assessment Participants

Last updated: 24 March 2026

Stay in Control

We believe that transparency and respect are the foundation of any healthy relationship. We appreciate that you trust us with your information, and we want you to feel safe about how we use it.

You own your personal data, and you are always in control. This privacy policy explains how HI Assessments AB ("we", "us", "our") processes your personal data when you participate in an assessment.

Who We Are

HI Assessments AB is the data controller for the use of your data as described in this notice. We process your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

When you complete an assessment on our platform, we act as the data controller for test performance and assessment results. This means we determine how and why your assessment data is processed, and we are directly responsible for protecting your information under GDPR.

While we share your assessment results with the organization that invited you, we maintain our own legal obligations and responsibilities for data protection compliance. Once shared, the organization becomes the data controller for their copy of your results and is responsible for how they use that data according to their own privacy policies.

Company Details:

  • Registration Number: 559527-9430
  • Address: Astreavägen 14, 18131 Lidingö, Sweden

For contact information, see the "Questions?" section at the end of this policy.

What Data We Collect

When you participate in an assessment, we collect the following personal data:

  • Contact Information: Your name and email address (provided by the organization that invited you)
  • Assessment Responses: Your answers to assessment questions, response times, and calculated scores
  • Technical Data: Device type, browser information, IP address (for security and platform improvement)
  • Assessment Integrity Data: When you take a Logic assessment, we collect anonymous event data that describes the conditions of your assessment session. This includes browser-level events (such as switching to a different tab or window) and, if you choose to enable your camera, face detection events (such as whether a face was visible). Each event records only what was detected and for how long — never images, video, or screenshots. We also record whether you granted or denied camera access. We never record, transmit, or store any video, images, or screenshots from your camera. If camera monitoring is enabled, all camera processing happens entirely within your browser and is never sent to our servers or any third party.

The personal data is collected from you directly, or from the organization you are employed by or seek employment with or through our reseller(s), as applicable.

Cookies and Similar Technologies

We use strictly necessary cookies to operate the assessment platform. These cookies are essential for the service to function and do not require your consent under applicable ePrivacy laws. For full details, see our Cookie Policy.

How We Use Your Data

We use your personal data for the following purposes:

1. Process Your Assessment

We process your Contact Information and Assessment Responses to generate assessment results that reflect your personality traits, cognitive abilities, or other measured characteristics.

Legal Basis: Legitimate interest (GDPR Article 6(1)(f)) – Our legitimate interest is to provide assessment services to organizations, and your legitimate interest is to be evaluated fairly and objectively. Contact us if you want to know more about how we have balanced your interests against ours.

Retention: If you start but don't complete an assessment, we retain your data for 6 months from your last activity. This allows you to return and complete the assessment you started, ensuring you can continue where you left off via any valid link. After 6 months of inactivity, your incomplete assessment is automatically deleted. If you complete the assessment, please see below for applicable retention time.

2. Share Results with the Inviting Organization

Your assessment results are shared with the organization that invited you to complete the assessment (your prospective or current employer). They use these results as part of their recruitment or employee development process.

Legal Basis: Legitimate interest (GDPR Article 6(1)(f)) – The organization's legitimate interest in making informed decisions based on assessment results. Contact us if you want to know more about how we have balanced your interests against ours.

Retention: Once you complete an assessment, we generally retain your data for 24 months on behalf of the organization where you are employed/seek employment with, unless that organization has decided on a shorter or longer retention time. Please visit that organization's privacy policy to learn more.

3. Assessment Integrity Monitoring

What this is. Logic assessments include integrity monitoring to help verify that assessment conditions are fair and consistent for all participants. This has two components: browser event monitoring, which detects activities like switching tabs or windows, and optional camera monitoring, which detects face-related events using your device's camera.

How it works. Browser event monitoring runs automatically during the assessment and detects tab switches and window focus changes. Camera monitoring, when enabled, uses on-device face detection technology running entirely in your browser. It checks whether a face is present, whether multiple faces are visible, and the general direction of your gaze. No video, images, facial geometry, or biometric data ever leave your device. No facial recognition is performed, and no biometric template or identifier is created.

What we send to the server. Only anonymous event data is transmitted — each event contains a type (such as "tab switch" or "face absent"), a duration, and a timestamp. These events contain no images, no video, and no information that could identify you visually.

How these events are used. Our server processes the events to determine an integrity status for your session, expressed as a qualitative category indicating the level of detected irregularities. This status, along with a breakdown of the events that influenced it, is shared with the organization that invited you. This helps organizations understand the conditions under which the assessment was completed.

Camera access is always your choice. You will be asked to grant camera access. You may decline. If you decline, the assessment proceeds normally — you are never prevented from completing an assessment because you chose not to enable your camera. Declining camera access is noted in the integrity status shared with the inviting organization.

Your score is not affected. Integrity monitoring does not affect your assessment score in any way. Your score reflects only your actual performance on the assessment and is calculated entirely independently.

Legal Basis: Legitimate interest (GDPR Article 6(1)(f)). We have a legitimate interest in verifying that assessment conditions are fair and consistent. We have balanced this against your rights by: (a) processing all camera data on your device without transmitting images or video, (b) collecting only anonymous event data, (c) making camera access optional, and (d) ensuring that declining camera access does not prevent you from completing the assessment.

Retention: Integrity event data and status are retained for the same period as your assessment data. If you start but don't complete the assessment, this data is retained for 6 months from your last activity and then automatically deleted. If you complete the assessment, the data is retained per the organization's agreed retention period (generally 24 months, unless otherwise specified). After the applicable retention period expires, integrity data is automatically and permanently deleted.

Make Your Results Portable for Future Use (Optional)

If you give us your consent, we will make your assessment results available for reuse when you are invited to assessments by other organizations on our platform. This allows you to avoid retaking the same assessments multiple times.

Legal Basis: Consent (GDPR Article 6(1)(a)) – You explicitly consent to this portability feature when you check the optional consent checkbox.

Retention: If you explicitly consent, we make your assessment results available for reuse with other organizations on our platform for 24 months.

You may withdraw this consent at any time by contacting privacy@hiassessments.com, which will immediately prevent future reuse while maintaining our legal retention.

After the 24-month retention period expires, your personal assessment data is automatically and permanently deleted from our systems.

4. Provide Support

In case you need support with an assessment or your account, we may need to access your view. When we do this, we will see everything you see on your screen, including any personal data. We may also provide support through our customer service (e.g., through our in-app chat or e-mail). If so, we process the personal data you provide to us when making a support request.

Legal Basis: Legitimate Interest (GDPR Article 6(1)(f)) – Our legitimate interest to provide you support. Contact us if you want to know more about how we have balanced your interests against ours.

Retention: We will only gain access and process your personal data to accommodate your support request and our access will be switched off / your personal data be deleted as soon as the support is finalized (the ticket resolved).

5. Improve Our Assessments

We use anonymized and pseudonymized assessment data to improve the accuracy and fairness of our assessments, identify and reduce bias, and ensure our questions remain scientifically valid. This processing uses data that cannot identify you personally or has identifying information removed.

Legal Basis: Legitimate Interest (GDPR Article 6(1)(f)) – Our legitimate interest in maintaining high-quality, scientifically valid, and fair assessment tools that benefit all users. Contact us if you want to know more about how we have balanced your interests against ours.

Retention: We will keep your pseudonymized data up to 24 months from collection.

Data Sharing

We share your personal data with the following recipients:

The Inviting Organization

Your assessment results are shared with the organization that invited you (your prospective or current employer). They are responsible for how they use your results in their recruitment or employee development process.

Assessment Integrity Results

If integrity monitoring was active for your assessment, the inviting organization receives your integrity status (a qualitative category indicating the level of detected irregularities) and a breakdown of the events that influenced it. This breakdown contains only event types, occurrence counts, and durations — never images, video, or biometric data.

Service Providers

We use trusted service providers to deliver our platform:

  • Hosting providers: For secure data storage and platform availability
  • Email service providers: To send assessment invitations and notifications
  • Support tools: To provide customer service if you need assistance

These providers process your data only on our behalf and under strict contractual obligations (Data Processing Agreements).

International Transfers

Your personal data is primarily processed within the EU/EEA. If we transfer data to countries outside the EU/EEA, we ensure it is protected through:

  • EU Standard Contractual Clauses (approved by the European Commission)
  • Encryption during transit and at rest
  • Contractual safeguards with all data recipients

We do not sell your personal data to any third party.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

1. Right of Access

You can request a copy of all personal data we hold about you and information about how we process it.

2. Right to Rectification

If any data we hold is incorrect or incomplete, you can request that we correct or complete it.

3. Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data if:

  • It is no longer needed for the purposes we collected it
  • You withdraw your consent (where processing is based on consent)
  • You object to processing based on legitimate interest, and we have no overriding legitimate grounds
  • The data has been processed unlawfully
  • Deletion is required by law

Important Limitation: We may continue to store your data if necessary for establishing, exercising, or defending legal claims.

Note: If you have completed an assessment, the organization that invited you will also receive a copy of the result. That organization will be the data controller for their copy of your results. Deletion requests for that data should be directed to them according to their privacy policy.

4. Right to Data Portability

You can request to have your assessment result in a structured, commonly used, machine-readable format and transmit it to another controller.

5. Right to Restriction of Processing

You can request that we temporarily restrict processing of your data while we verify accuracy or resolve objections.

6. Right to Object

You can object to processing based on legitimate interest. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

7. Right to Withdraw Consent

If processing is based on your consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

How to Exercise Your Rights

Contact us at privacy@hiassessments.com with your request. We will respond within 1 month (extendable by 2 months for complex requests, with notification).

Your Right to Complain

If you believe we are not processing your personal data in accordance with GDPR or other applicable laws, you have the right to lodge a complaint with a supervisory authority.

Swedish Supervisory Authority:

You can also lodge a complaint in the EU/EEA country where you live or work or where you believe an infringement has taken place.

Updates to This Privacy Policy

We may update this privacy policy periodically to reflect changes in our practices or legal requirements.

Material Changes: We will communicate significant changes that affect your rights or how we process your personal data via email or platform notification before they take effect. Material changes include modifications to retention periods, legal bases for processing, data sharing practices, or your rights.

Minor Updates: Non-material changes such as clarifications, contact information updates, or formatting improvements will be published directly to this page without individual notification.

You can always find the latest version at: https://www.hiassessments.com/privacy/participants

We encourage you to review this policy periodically to stay informed about how we protect your data.

Questions?

If you have any questions about this privacy policy or how we process your personal data, please contact us: