I'm a Participant
      Back to home
      1. Knowledge Base
      2. I'm a Participant

      Privacy Policy (Extended)

      Last updated: 7th February 2025

      Shortlister Solutions Limited (SSL) provides video coaching and assessment software services operating under the brands Shortlister and Shortlist.Me. We are committed to protecting the personal data of all candidates who use our services.

      This Privacy Policy explains what personal data we collect, how we use it, and how we keep it secure, in accordance with UK data protection laws and the EU General Data Protection Regulation (GDPR).

      1. Our Role as Data Processor

      • Data Processor:
        Shortlister Solutions Limited (SSL) acts as a data processor on behalf of a third party (the Data Controller), which may be an organisation, employer, recruiter, educational institution, or other entity engaging our platform to help assess, train, or prepare candidates. The Data Controller determines the purposes and means of processing your personal data; we only process your data under their instructions.
      • Contact:
        If you have any questions about how your personal data is handled, you can reach our data protection contact by emailing privacy@shortlister.com

      2. Personal Data We Collect

      Data We Receive from the Data Controller/You

      • Full Name (first and last)
      • Email Address
      • (Potentially other similar identifiers as determined by the Data Controller)

      Data We Collect Directly from You

      • Interview Answer Videos (recorded responses)

      Assessment/Test Responses (e.g., personality, aptitude, or situational judgement tests)

      • CV/Resume or Similar Documents (if submitted as part of the assessment or training program)
      • IP Address and Web Pages Visited (to troubleshoot technical issues and improve system performance)

      Note: Not all data types will necessarily be collected in every scenario; the exact data collected depends on the instructions from the Data Controller.

      No Special Category Data

      We do not collect or process any special category data (e.g., health, ethnicity, religious beliefs).

        3. Lawful Basis for Processing

        We process your personal data to fulfill our contractual obligations with the Data Controller. Without your personal data, we cannot provide or facilitate your video coaching or assessment.

        4. How We Use Your Data

        We only use your personal data to:

        1. Facilitate Your Assessment or Training
          • Provide the video coaching or assessment service and deliver the results to the Data Controller.
        2. Provide Technical Support
          • Use IP addresses and access logs for troubleshooting and improving system reliability.
        3. Improve Our Services
          • We may convert personal data into anonymised or aggregated form. Once anonymised, it cannot be used to identify you personally.
          • We use such anonymised/aggregated data to understand how our platform is performing, identify usage trends, and refine or improve our services.

        We do not undertake any automated decision-making that would impact your outcome directly. In some instances, we may use automated processing to generate anonymised interview transcripts, summaries, and key highlights, but these do not determine any outcomes.

        5. Data Sharing with Third Parties

        In order to deliver our services, we may share your data with third-party providers as instructed by the Data Controller. Below is a summary of who we share your data with, the purpose, and where the data is located:

        Company

        Information shared

        Purpose

        Data location

        Heroku

        Name

        Email address

        Data storage

        EU

        Amazon Web Services

        Interview answer videos

        Data storage

        EU

        Mailgun

        Name

        Email address

        Email delivery

        EU

        Better Stack

        IP address

        Logging web pages visited

        EU

        Rev

        Audio recording

        Audio transcription

        EU

        *Assessment Day

        IP Address

        Assessment Facilitation

        EU

        *targetconnect

        Name

        Email

        Feedback URL

        Aggregation of data

        EU

        ***Enablement subject to Data Controller authorisation.

        6. International Data Transfers

        Where it is necessary to transfer your personal data outside of the UK or European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) and implement additional safeguards as appropriate. This ensures that your personal data receives an adequate level of protection.

        7. Security Measures

        We take information security seriously. Our safeguards include:

        • Encryption in transit and at rest
        • Strict access controls and strong password policies
        • Regular security reviews and updates
        • Access limited to authorised personnel only

        These measures help protect your data against unauthorised access, alteration, disclosure, or destruction.

        8. Retention of Personal Data

        • By the Data Controller:
          Your Data Controller sets the retention period for interview videos, test responses, and other personal data. We will remove or anonymise your information once the Data Controller instructs us to do so or when their retention period expires.

        9. Your Rights

        Under data protection laws, you have the right to:

        1. Withdraw Consent: Where processing is based on your consent.
        2. Access Your Data: Request a copy of the personal data we hold about you.
        3. Rectify Inaccuracies: Request correction of any inaccurate or incomplete data.
        4. Delete Your Data: Request deletion of your personal data where applicable.
        5. Restrict Processing: Request restriction of processing (e.g., while a complaint is being investigated).
        6. Object to Processing: Object to certain types of processing, including direct marketing.

        As SSL acts solely as a data processor, please direct any rights requests to the Data Controller. If you contact us, we will forward your request to them.

        10. How to Make a Complaint

        If you are dissatisfied with how your personal data has been handled or if you feel your rights have not been upheld, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK.

        Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

        11. Cookies and Tracking Technologies

        We may use strictly necessary cookies or similar technologies to:

        • Maintain session details (e.g., keeping you logged in)
        • Enable video streaming and other interactive features

        These cookies do not collect personal data beyond what is necessary to provide the service. We do not use cookies for profiling or targeted advertising.

        12. Updates to This Policy

        We may occasionally update this Privacy Policy to reflect changes in our practices or legal requirements. Any updates will be posted on our website with a clear effective date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

        13. Contact Us

        If you have any questions about this Privacy Policy or wish to know more about how we handle your personal data, please email us at: privacy@shortlister.com