Mosaic Logo

Data Protection Statement

MosAIc Partnership Limited is a UK company. We offer business psychology services such as assessment and training to HR specialists, professional psychologists and other talent development practitioners. We work directly, or through international partners, with numerous multinational corporations and public sector bodies globally.

Under data protection legislation every individual has rights as to how their personal data is handled and we recognise the need to treat all such data in an appropriate and lawful manner, according to the nature and classification of such data. We are committed to complying with current legislation including the General Data Protection Regulation (EU) 2016/ 679 (GDPR), together with any applicable, enacting, successor or amending legislation.  The GDPR has strengthened the rights that individuals have regarding their personal data and seeks to unify data protection laws across the European Union, governing the rights of EU citizen data subjects, regardless of where their data is processed or stored.

Our Approach to Data Protection and Privacy. We provide robust privacy and security protections which have been built into our services and contracts. We apply a layered approach to data protection and privacy.

Data Protection Principles. We adhere to the following data protection principles:

  • lawfulness, fairness and transparency – personal data shall be processed lawfully, fairly and in a transparent way
  • purpose limitation – personal data shall be collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • data minimisation – personal data shall be relevant to the purposes we have told you about and limited only to those purposes
  • accuracy – personal data shall be accurate and kept up to date
  • storage limitation – personal data shall be kept only as long as necessary for the purposes we have told you about
  • integrity and confidentiality – personal data shall be kept securely, using appropriate technical and organisation measures.

Privacy Policies and Notices.  Our public Privacy Policy sets out how we handle data including how we collect, store and use personal data and special category data (previously known as sensitive personal data), our legal bases for processing personal data, information on transfers to third parties and outside the European Economic Area (EEA), as well as the rights of data subjects, including the right to withdraw consent.

Technical and Organisational Measures.  Our internal policies and procedures, including our Data Protection Policy and Data Retention and Destruction Policy, explain how our employees and consultants shall operate in respect of handling of personal data, special category data and other data protection matters, including collection, storage, processing and destruction of such data.  These internal policies and procedures set out the technical and organisational measures that we take in order to prevent unauthorised and unlawful processing, accidental loss or destruction or damage to personal data that we hold on behalf of our customers and others.  We expect all our officers, employees and consultants to comply with all applicable data protection policies and procedures in all aspects of their day-to-day work.

In our role as a data controller, we are responsible for implementing appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with GDPR. Our data controller obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimisation, and accuracy, as well as fulfilling data subjects’ rights with respect to their data, together with only using data processors that operate in such a manner that their data processing will also meet the requirements of GDPR. 

In our role as a data processor, we are responsible for implementing appropriate technical and organisational measures to meet the requirements of GDPR, ensuring a level of information security appropriate to the risk, and acting in accordance with the relevant data controller’s instructions.  We enter into contractual agreements as appropriate with the applicable data controller, and also with sub-processors, to provide sufficient representations to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of GDPR.

Data Protection Officer and reporting of concerns. If you have any questions about our stance on data protection matters generally or how we process personal data, please refer to our Privacy Policy. 

MosAIc Partnership’s Data Protection Officer (DPO) is a Director of MosAIc Partnership Limited and is responsible for ensuring and monitoring compliance with data protection requirements, including GDPR. Our DPO should be contacted in the first instance in relation to any data protection concerns. 

We are fully committed to ensuring that we act in accordance with data protections laws as applicable, including GDPR, and will take seriously any data protection concerns you raise with us.

Further information

For information about this policy please contact our DPO for MosAIc Partnership Limited:

Updated May 2021