Information our security and privacy policies.
We take the security of your personal information very seriously. This article outlines some of the ways we protect both your personal data and the Clevry platform more generally.
Security of Test Content
Our online assessment platform has been designed specifically to ensure the security of our test materials and their content. This is achieved through the following methods:
- Randomised questions: Each of our tests have a generous item bank which means that if you were to take a test more than once, you are likely to see a different set of questions. For the purposes of verification and test-resets, it is automated that the candidate is presented with a new set of questions. The ordering of test forms and items is also randomised to prevent opportunities for cheating and collusion.
- Secure scoring: The correct answers to a test are never made public.
- Validation of identity: Our tests can only be accessed using a unique ID and password, which is sent to each individual test-taker, or a unique link representative of this information.
- Authentication: Only authorised personnel from the client organisation are given access to assessment data. This access can be restricted and removed instantaneously upon request from the client, ensuring confidentiality and preventing potential for misinterpretation.
- Frequent review: Widely used tests are frequently updated to minimise any overfamiliarity among candidates.
Security of the Platform
There are two areas of security that Clevry users must work to protect:
- Online security of assessments
- Security of assessment data
1. Online security of assessments
The Clevry system is hosted within the Microsoft Azure solution, which brings the highest possible levels of security, resilience, and reliability of service. This service offers the security described below:
- All data is hosted either in the UK, or Ireland, within a physically secure data-centre.
- The Clevry website is continuously backed up.
- The Clevry database is continuously backed-up.
- Should either the website or database fail, the system automatically switches over to the backed-up/mirrored version.
- Azure are certified to ISO27001 guidelines.
The Clevry system employs TLS encryption technology to preserve the security of data transfer. This means that when you and your respondents access the system, the data being sent to Clevry (such as responses to a personality questionnaire) are encrypted. Access to Clevry is restricted by password access; candidates are not permitted to use the same passcode twice for the same assessment to preserve the security of their assessments. To preserve the online security of Clevry and the assessments, users must ensure that access passcodes are only made available to legitimate respondents and users.
Please contact Clevry for further information as to the physical security of our hosting provider,
disaster recovery procedures, and system maintenance.
Find a visual representation of the Microsoft Azure / Clevry environment below:
2. Security of assessment data
Clevry is an ISO 27001 certified organisation, which means all our data handling and storage policies, processes, and procedures are benchmarked to the highest industry standards (Certificate number: 291682018). Evidence of this verification can be supplied upon request. Any assessment data that you store must be kept securely to preserve its security and the boundaries of confidentiality you agree with your respondents. The security data should be protected by applying equivalent principles of data storage.
Data on Clevry is stored securely at a data centre based in the UK. Data restoration is available as soon as new hardware is ready to receive the streamed back-up data. No data is moved outside of the UK (or EU). Hardware is disposed according to WEEEI guidelines. In terms of information security our hosting provider works to ISO27001 guidelines.
The website and database is continuously backed-up, and there is also a second version held at a different location which is continuously backed up. We provide a triple level of resilience by performing nightly back-ups of Clevry database to our local network servers, in two separate locations.
Privacy: Meeting GDPR requirements
At Clevry we are committed to protecting and respecting the privacy of both clients and candidates in accordance with General Data Protection Regulation (GDPR) requirements. This applies to the information that we process on the Clevry platform for the purposes of providing psychometric assessment and reporting services. For these services, Clevry will act as the ‘Data Processor’ for the client, who is the ‘Data Controller’. Clevry commits to taking all of the necessary steps to ensuring the security of data through compliance with the six principles outlined in Article 5 of the GDPR. Some of the steps undertaken by Clevry to ensure compliance are detailed below:
- All personal data on the Clevry platform is processed solely for the purposes of providing psychometric assessment and reporting services.
- Transparency: Clevry will provide all ‘natural persons’ with easily accessible, clear
information about the purposes of data processing and the identity of the data controller (client name) and processor (Clevry). - Personal data shared on our online Clevry platform requires informed opt-in consent from each respondent. This appears in the form of a consent pop-up which appears prior to registration.
- As a participant, your contact data and assessment data is kept for 12 months as standard.
- If you are hired for a role and the client makes use of performance tracking features on Clevry, your data will be kept for 24 months. After this time your data is anonymised and archived.
- This means that you will no longer be identifiable from the archived data, which we keep for research purposes. This period of 12 or 24 months may be less if requested by the client, but will never be longer.
- Confidentiality; Clevry will never sell or rent your information to third parties, or share your information with third parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order for the purposes of prevention of fraud or other crime.
- No data is transferred outside of the EU, unless the client for whom you are completing the assessments operates outside of the EU.
- Candidates retain the right to access any of their personal data stored by Clevry
The right to data portability; where technically feasible and appropriate Clevry will
endeavour to make personal data available to be transmitted directly from controller to controller. - Clevry will operate in such a manner that incorporates all of the other rights of the natural person e.g. right to withdraw, right to erasure.
Further information about how Clevry handle data can be found in our privacy policy.
Last Updated: January 2024