Privacy Policy
Your privacy and data protection are fundamental to how we operate. This policy explains our commitment to keeping your information secure.
1. Introduction
Aptivum AS ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you use our assessment platform and services.
We comply with applicable privacy laws including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other regional privacy regulations.
2. Data Controller
Aptivum AS
Email: privacy@aptivum.com
For data protection inquiries and exercising your rights
3. Information We Collect
3.1 Personal Information
- Account Information: Name, email address, password (encrypted)
- Assessment Data: Responses to assessment questions, completion times
- Profile Information: Industry experience, role preferences, skills
- Organization Data: Company name, role for candidate assessments
3.2 Technical Information
- Usage Analytics: Assessment progress, time spent, completion rates
- Device Data: Browser type, operating system, IP address
- Performance Data: Response times, technical diagnostics
3.3 Payment Information
Payment data is processed securely by Stripe. We do not store full payment card details on our servers. We retain transaction IDs and billing information for accounting purposes.
4. How We Use Your Information
4.1 Assessment Services
- Deliver personalized assessments and generate skill profiles
- Create detailed reports and career recommendations
- Track assessment progress and completion
- Provide benchmarking and industry comparisons
4.2 Platform Operations
- Process payments and manage subscriptions
- Send assessment invitations and completion notifications
- Provide customer support and technical assistance
- Improve our algorithms and assessment quality
4.3 Legal Basis for Processing (GDPR)
- Contract Performance: Processing necessary to provide assessment services
- Legitimate Interest: Platform improvement, fraud prevention, analytics
- Consent: Marketing communications, optional data sharing
- Legal Obligation: Compliance with financial and tax regulations
5. How We Share Your Information
5.1 Assessment Results Sharing
When you complete an assessment through an organization's invitation, your results are shared with that organization as part of their evaluation process. This includes:
- Skill assessment scores and band ratings
- Competency profiles and recommendations
- Completion status and timing
5.2 Service Providers
- Payment Processing: Stripe (PCI DSS compliant)
- Email Services: Mailgun (transactional emails)
- Analytics: Google Analytics (anonymized data)
- Cloud Infrastructure: DigitalOcean (secure hosting)
5.3 Legal Requirements
We may disclose information when required by law, legal process, or to protect our rights, users, or the public from harm or illegal activities.
6. Data Security
Security Measures
- TLS/SSL encryption for all data transmission
- AES-256 encryption for data at rest
- Regular security audits and penetration testing
- Access controls and multi-factor authentication
- GDPR-compliant data processing agreements
While we implement industry-standard security measures, no system is completely secure. We continuously monitor and improve our security practices.
7. Data Retention
| Data Type | Retention Period | Purpose |
|---|---|---|
| Account Information | Active account + 2 years | Service provision, compliance |
| Assessment Results | Active account + 5 years | Historical analysis, benchmarking |
| Payment Records | 7 years | Legal, tax compliance |
| Analytics Data | 26 months (anonymized) | Platform improvement |
8. Your Rights
Under GDPR and Similar Laws, You Have the Right To:
- Access: Request copies of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a portable format
- Restriction: Limit how we process your data
- Objection: Object to processing based on legitimate interest
- Withdraw Consent: Revoke consent for optional processing
To exercise these rights, contact us at privacy@aptivum.com. We will respond within 30 days and verify your identity before processing requests.
You also have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.
9. International Data Transfers
Your data may be processed outside your country of residence. For EU residents, we ensure adequate protection through:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions for certain countries
- Appropriate technical and organizational safeguards
10. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Essential: Authentication, security, basic functionality
- Analytics: Usage patterns, performance optimization (with consent)
- Preferences: Language settings, user interface customization
You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect platform functionality.
11. Children's Privacy
Age Restriction
Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the information promptly.
12. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated through:
- Email notification to registered users
- Prominent notice on our platform
- Updated effective date at the top of this policy
Continued use of our services after changes constitute acceptance of the updated policy.
13. Contact Us
Data Protection & Privacy Inquiries
Email: privacy@aptivum.com
Subject Line: Privacy Policy Inquiry / Data Rights Request
Response Time: Within 30 days
General Support: support@aptivum.com
Legal Matters: legal@aptivum.com