Privacy Policy and Information Security

What this policy covers

Your privacy is important to us and we like to be transparent about how we collect, use and share information about you. This policy is intended to help you understand:

What information we collect

We collect information about

How we use your information

How we use the information we collect depends on what product or service you use or access, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.

Visitors to our website

When someone visits our website, we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifying information from any source. If we do want to collect personally identifiable information through our website, we will be explicit about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

If you provide us with information via one of the forms on our website, we may contact you by post, telephone and email. You are given the opportunity to opt-in to receiving this information at the appropriate section of the website when you register your details. If you no longer wish to be contacted in the future by us, follow the instructions on the specific mailing list or complete the form on our website: Email Preferences.

Use of cookies

To find out about the use of cookies on our website, see our Cookies Policy.

Email marketing

If you have opted in to our emails, from time to time, we may send emails to you regarding new services, releases and upcoming events. You may opt out of receiving newsletters and other secondary messages from us by selecting the ‘unsubscribe’ function present in every email we send.

We use a third-party provider, Campaign Monitor, for this type of email marketing. We gather statistics around email opening and clicks using technologies including clear gifs to help us monitor and improve our marketing communication. For more information, please see Campaign Monitor Privacy Policy.

FACE Assessment Toolsets – Third Party

If you request information specifically about our FACE Assessment Toolsets, your details will be passed to our Third Party Assessment Toolset Consultants - Way Finder and ARW Consultancy – who will contact you directly to provide the relevant information.

Your details will only be used to contact you about the information requested, unless you have also opted into our Mailing List in which case you will also receive information from Imosphere regarding new services, releases and upcoming events. You can opt out at any time by using the ‘Unsubscribe’ link in our emails.

Customer support

We use your information to resolve technical issues you encounter, to respond to your requests for assistance and to repair and improve our products and services. We use Zoho Desk to record help desk issues. For more information please see ZOHO Privacy Policy.

Website hosting

Imosphere uses a third party, Spiral Hosting. To deliver this service, it processes the IP addresses of visitors to the Imosphere website.

For more information, please see Spiral Hosting Privacy Policy.

People who contact us via social media

We use a third-party provider, Hootsuite, to manage our social media interactions.

If you send us a private or direct message via social media, the message will not be shared by us with any other organisations. For more information, refer to the privacy policy set out by each social media platform.

People who email us

Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

People who use our products and services

Our products and services include:

We have to hold the details of the organisations who have requested our product(s) and/or service(s) in order to provide it. However, we only use these details to provide the product and/or service the organisation has requested.

Job applicants, current and former Imosphere employees

Imosphere is the data controller for the information you provide during the recruitment process unless otherwise stated. If you have any queries about the process or how we handle your information please contact us.

Using the information you provide us

All of the information you provide during the recruitment process will only be used to progress your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

Information we ask for

The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t.

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

Application stage

As part of your application, we simply ask you to send in your CV.


Our hiring managers shortlist applications for interview. They will be provided with all the information on your CV.


We might ask you to participate in assessment days, complete tests or occupational personality profile questionnaires, and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by Imosphere.

If you are unsuccessful following assessment or interview for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of six months. If you say yes, we would proactively contact you should any further suitable vacancies arise.

Decisions about recruitment

Final recruitment decisions are made by hiring managers and members of our recruitment team. All of the information gathered during the application process is taken into account.

You are able to ask about decisions made about your application by speaking to your contact within our recruitment team or by emailing

Conditional offer

If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our employees, their right to work in the UK and seek assurance as to their trustworthiness, integrity and reliability.

You will be required to provide:

If we make a final offer, we will also ask you for the following:

With your consent

We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer case studies to promote our products and services, with your permission.

Legal bases for processing (for EEA users)

If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the products or services you use and how you use them. This means we collect and use your information only where:

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the products and services.

How we store and secure information

Internal network

If you are employed by Imosphere, relevant details about you will be stored on our company network, which is protected by our access control policy.

Third party systems

If you are employed by Imosphere, relevant details about you will be entered into our HR and Payroll systems, provided by third parties.

Recruitment agencies

Imosphere sometimes advertises through contracted recruitment agencies. To find out about the specific information held by these agencies, please contact us.

How long we keep information

How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymise your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

Information you share on products

If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the product. For example, we continue to display assessments and reports you created and shared on our care management or analytics software systems.

Managed accounts

If the products you use are made available to you through an organisation (e.g. your employer), we retain your information as long as required by the administrator of your account.

Marketing information

If you have chosen to receive marketing emails from us, we retain information about your marketing preferences unless you specifically ask us to delete such information.

Job applicants

For job applicants, if you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus six years following the end of your employment. This includes your fitness to work, records of any security checks and references.

If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for six months from the closure of the campaign.

Information generated throughout the assessment process, for example interview notes, is retained by us for six months following the closure of the campaign.

How to access and control your information

Imosphere aims to be as open as possible in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by contacting us under the EU General Data Protection Regulation (GDPR). If we do hold information about you, we will:

To access, update or remove any personal information we hold about you a formal request must be sent to us. Clearly label your request as an ‘Information Request’ and send it to the address below.

St Nicholas Court
25-27 Castle Gate

Other important privacy information

Our products and services are not for personal use. Our products and services are purchased by organisations and used by organisations. Where the products and services are made available to you through an organisation (e.g. your employer), that organisation is the administrator of the products and services and is responsible for the end-users and/or sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the products and services are subject to that organisation's policies. We are not responsible for the privacy or security practices of an administrator's organisation, which may be different from this policy.

Even if the products and services are not currently administered to you by an organisation, if you are a member of a team administered by an organisation, or if you use an email address provided by an organisation (such as your work email address) to access the products, then the administrator of that team or the owner of the domain associated with your organisational email address (e.g. your employer) may assert administrative control over your account and use of the products at a later date. You will be notified if this happens.

Your rights

Under the GDPR, you have rights as an individual which you can exercise in relation to the information we hold about you.

You can read more about these rights here:

Disclosure of personal information

Imosphere will not disclose personal data without consent from the individual or relevant party, or unless required due to legal obligations.

Complaints or queries

Imosphere aims to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy policy does not provide exhaustive detail of all aspects of Imosphere’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.

If you want to make a complaint about the way we have processed your personal information, you can contact us.

Links to other websites

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

Changes to the privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 3rd April 2019.

How to contact us

If you want to request information about our privacy policy, please contact us.

Information Security

ISO/IEC 27001

Imosphere is an ISO/IEC 27001:2013 certified company, demonstrating our effective information security management system.

ISO/IEC 27001:2013 Information Security Management is the international standard for information security and ensures the correct people, processes, procedures and technology are in place to secure an organisation’s information assets.

Information security ensures the preservation of:

For further information about our Information Security policy, please contact us.

Cyber Essentials

We are Cyber Essentials compliant. The Government-backed Cyber Essentials scheme provides independent assurance that we have effective measures in place and take cyber security seriously.

For more information about the Cyber Essentials scheme, visit the website: