Privacy Policy

Effective date: 1 April 2025 · Last updated: 29 April 2026

This Privacy Policy explains how PRODICTA Ltd collects, uses, and protects personal data in connection with the Prodicta platform. We are committed to your privacy and to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

PRODICTA Ltd ("Prodicta", "we", "us", "our") is the data controller for personal data processed through the Prodicta platform. Our contact details are:

  • Company: PRODICTA Ltd
  • Email: hello@prodicta.co.uk
  • Jurisdiction: England and Wales

For data protection queries, contact us at hello@prodicta.co.uk.

2. Data We Collect

Account and profile data: when you create an account, we collect your email address, company name, and account type (direct employer or recruitment agency). We also collect any profile information you add in Settings.

Assessment content: job titles, job descriptions, skill weightings, and assessment templates you create.

SSP and employment records: statutory sick pay calculations, absence records, holiday pay entitlements, attendance logs, assignment review notes, and Fair Work Agency compliance packs generated through the platform. You are the data controller for this data; we process it on your behalf as a data processor.

Document templates: pre-filled employment document templates generated through the platform including assignment letters, SSP forms, and probation letters.

Candidate data: names, email addresses, and assessment responses of candidates you invite. You are the data controller for this data; we process it on your behalf as a data processor.

Usage data: information about how you use the Service, including pages visited, features used, and assessment activity. This helps us improve the platform and enforce usage limits.

Technical data: IP address, browser type, device information, and session data collected automatically when you use the Service.

Payment data: if you have a paid subscription, payment processing is handled by our payment provider. We do not store full card numbers.

2a. How AI is used in PRODICTA

PRODICTA uses AI to analyse candidate assessment responses and produce structured reports. This section explains what data the AI uses, what it does not use, how long outputs are stored, and how candidates can request human review of AI-generated findings.

What data the AI receives

When a candidate completes an assessment, the following information is provided to the AI scoring engine:

  • The job description for the role
  • The role context information provided by the agency or employer (e.g. seniority, key responsibilities, sector)
  • The candidate's typed responses to each scenario
  • Time taken to complete each scenario
  • Response integrity signals (typing patterns, copy-paste detection, completion timing)

The AI uses this information to generate scoring across defined skill dimensions, identify strengths and watch-outs with evidence, and produce a structured assessment report.

What data the AI does not use

The AI scoring engine does not receive or use:

  • Candidate name, age, or date of birth
  • Demographic information including ethnicity, nationality, religion, gender identity, or sexual orientation
  • Photographs, video, voice recordings, or biometric data
  • Any information not directly contained in the candidate's responses or the role context
  • Information from previous assessments unless explicitly part of the current role context

PRODICTA does not use AI to make decisions based on protected characteristics under the Equality Act 2010.

How long AI-generated outputs are stored

Assessment reports, scoring data, and supporting analysis are stored for the duration of the customer's account, plus a retention period of 6 months after account closure unless the candidate requests earlier deletion.

Candidates have the right to request deletion of their assessment data at any time by contacting the agency or employer who invited them, or by emailing hello@prodicta.co.uk.

Right to challenge AI-generated findings

Under UK GDPR Article 22, candidates have the right to request human review of any decision made about them that is significantly informed by AI processing.

To request human review, candidates can:

  • Contact the agency or employer who invited them to the assessment
  • Email hello@prodicta.co.uk with the candidate's name, the role assessed for, and the specific finding being challenged

PRODICTA will arrange for a human review within 7 days of the request.

It is important to note that all hiring decisions made via PRODICTA are made by humans (the agency or employer who invited the candidate). PRODICTA's AI scoring is provided as input to that human decision-maker; it does not make hiring decisions on its own.

3. How We Use Your Data

  • To create and manage your account and provide access to the Service
  • To generate AI-powered candidate assessments and scoring
  • To send transactional emails such as candidate invitation links, account confirmations, and password resets
  • To enforce plan usage limits and manage your subscription
  • To improve the accuracy and functionality of our AI models (using aggregated and anonymised data only)
  • To respond to support requests and communications
  • To generate SSP calculations, holiday pay records, Fair Work Agency compliance documentation, and employment document templates
  • To send automated alerts for SSP checks, placement health changes, assignment performance deviations, and pre-start risk notifications
  • To comply with legal obligations and enforce our Terms of Service
  • To send product updates and service announcements (you can opt out at any time)

4. Legal Basis for Processing

  • Contract performance: Processing necessary to provide the Service you have signed up for, including account management, assessment delivery, and results generation.
  • Legitimate interests: Improving our Service, preventing fraud, ensuring security, and sending relevant product communications.
  • Legal obligation: Where processing is required to comply with applicable law, including data protection obligations and financial regulations.
  • Consent: For optional marketing communications. You may withdraw consent at any time.

5. Third-Party Services

We use the following trusted sub-processors to deliver the Service:

  • Supabase: Database and authentication. Data stored in EU data centres. Supabase Inc. is certified under the EU-US Data Privacy Framework.
  • Vercel: Hosting and deployment. Infrastructure located in the EU/UK.
  • Resend: Transactional email delivery (candidate invitations, password resets). Data processed in the US under standard contractual clauses.
  • Anthropic / OpenAI: AI inference for scoring candidate responses. Prompts include assessment content and anonymised response text. Neither provider uses your data to train their models under our agreements.
  • Stripe: Payment processing. PCI DSS compliant. Data processed under Stripe's privacy policy.

We do not sell your personal data to third parties. We do not share personal data with advertisers.

6. Data Retention

  • Account data is retained for as long as your account is active, plus 30 days following deletion
  • Candidate assessment data is retained for as long as you maintain your account or until you delete it
  • Anonymised and aggregated data may be retained indefinitely for product improvement purposes
  • Billing and transaction records are retained for 7 years as required by UK tax law
  • SSP records and absence documentation are retained for a minimum of 3 years in accordance with HMRC requirements
  • Holiday pay records are retained for a minimum of 6 years in accordance with HMRC requirements effective 2026
  • Fair Work Agency compliance packs are retained for as long as your account is active
  • You may request deletion of your data at any time by emailing hello@prodicta.co.uk

7. Your Rights Under UK GDPR

As a data subject, you have the following rights. To exercise any of these rights, contact us at hello@prodicta.co.uk.

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data in certain circumstances.
  • Right to restriction: Request that we limit how we use your personal data.
  • Right to portability: Request a machine-readable copy of your personal data.
  • Right to object: Object to processing based on legitimate interests, including direct marketing.
  • Right to withdraw consent: Withdraw consent for processing based on consent at any time.

We will respond to requests within one month. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Candidate Data: Special Note for Employers

When you use Prodicta to assess candidates, you act as the data controller for candidate personal data. You are responsible for:

  • Informing candidates about how their data will be used before they complete an assessment
  • Ensuring you have a lawful basis for processing candidate data
  • Responding to candidate data subject requests relating to their assessment data
  • Ensuring candidate data is only used for legitimate recruitment purposes

Prodicta's Data Processing Agreement (DPA), available on request, governs our processing of candidate data on your behalf.

9. Cookies

Prodicta uses essential cookies only. These are strictly necessary for the platform to function, specifically for managing authentication sessions. We do not use advertising, analytics, or tracking cookies.

You can control cookies through your browser settings, but disabling essential cookies will prevent you from logging in.

10. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), encrypted storage, row-level security in our database, and access controls. Despite these measures, no system is perfectly secure. If you believe your account has been compromised, contact us immediately at hello@prodicta.co.uk.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and, where required, notify the ICO within 72 hours of becoming aware of the breach.

11. International Transfers

Some of our sub-processors are based outside the UK or EEA. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK ICO, or an adequacy decision.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a notice in the platform at least 14 days before the changes take effect. The "last updated" date at the top of this page reflects the most recent revision.

13. Contact and Complaints

For any privacy-related questions or to exercise your rights, contact us at hello@prodicta.co.uk. We aim to respond to all requests within 30 days.

If you are unhappy with how we have handled your data, you may complain to the ICO: ico.org.uk/make-a-complaint.

PRODICTA is a product of PRODICTA Ltd · Registered in England and Wales · hello@prodicta.co.uk

© 2026 PRODICTA. All rights reserved.