FirstMind Ltd

Privacy Policy

FirstMind Ltd (“we”, “our”, and “us”) is committed to ensuring that your (the Company and test sender) and test takers privacy is protected. Set out below is how we use the information we collect and receive and how to tell us to use collected information, or to limit its use.


We are FirstMind Ltd, a limited liability company registered in England and Wales with company registration number 1245330. Our registered office address is 21 Buckingham Gate, SW1E 6LB.

FirstMind (test provider) provides a web-based and/or app-based platform that offers talent-focused personality assessments to help companies (test sender) make better people decision in regards to recruitment, leadership development, employee development, and team composition. The FirstMind platform enables companies to send out personality assessments to job applicants and employees (test taker) to get greater insights and make more informed people decisions. Test takers are provided with a questionnaire to complete on the FirstMind platform and, on completion, FirstMind generates a personality profile based on FirstMind algorithms derived from neurological and behavioural research. The FirstMind platform can be accessed through the Company’s (test sender’s) personal domain (the “Site”)

FirstMind Ltd is the Data Processer and the Company (test sender) is the Data Controller of any personal data provided and/or collected to complete an assessment on the FirstMind platform and both are subject to applicate data protection laws.

Contacting Us

If you have any questions about this data privacy policy or your information, or to exercise any of your rights as described in this policy or under applicable data protection laws, you can contact the Data Protection Officer at:

Data Protection Officer

FirstMind LTD

21 Buckingham Gate





Anyone processing personal data must comply with the principles of processing personal data as follows:

  • Lawfulness, fairness and transparency – data must be processed lawfully, fairly and in a transparent manner.
  • Purpose limitation – data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  • Data minimization – data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  • Accuracy – data must be accurate and, where necessary, kept up to date.
  • Storage limitation – data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  • Integrity and confidentiality – data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures.

This privacy policy describes the personal information that we collect from and about customers using the FirstMind Platform, and explains how we comply with these principles.


Information the Company gives us

You may give us information about you and/or test takers by registering or filling in forms on the FirstMind Platform or by corresponding with us by phone, email or otherwise. This includes information you provide when you:

  • register as a user profile on the FirstMind Platform (your name and email address);
  • send out assessments (for example test taker’s name and email address)
  • fill out additional information about test takers (for example phone number, location and LinkedIn URL)
  • communicate with us by phone, e-mail, or otherwise;
  • sign up to receive our newsletter;

Information we collect from users of the FirstMind Platform
We will collect and store information regarding who you send assessments to through the FirstMind Platform.

We may also automatically collect, store and use information about your visits to the FirstMind Platform and about your computer, tablet, mobile or other device through which you access the FirstMind Platform. This includes the following information:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and geographical location; and
  • information about your visit and use of the FirstMind Platform, including the full Uniform Resource Locators (URL), clickstream to, through and from the FirstMind Platform (including date and time), pages you viewed and searched for, page response times, download errors, and length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), and website navigation and search terms used.

Information we collect from test takers
The FirstMind Platform allows you to send assessments to yourself through public forms. These forms capture the information, you enter, and stores it in the Company’s database, equally as if the test sender would send you an assessment. This information includes your name, email address, phone number, location, and LinkedIn profile URL.

As you accesses the FirstMind Platform to complete the assessment/questionnaire you have received, we will collect and store the your responses to each of the 220 questions.


The personal data collected will be used by us to generate a personality profile and the Company in order to gain information about the people (job applicants, employees, and/or others) they wish to assess. The personal data collected will also be used by us to gain information about the usage of the FirstMind Platform and the FirstMind Assessment.

The personal data collected will be used by the Company to:

  • Send the test taker an assessment
  • generate the test taker’s personality profile, which is stored in the Company’s database.
  • assess the test taker’s personality profile to make better and informed decisions
  • keep an overview of the test taker’s contact information
  • help deal with test taker’s queries, complaints or concerns; and
  • if applicable, notify test taker’s about changes to this Privacy Policy when required

We consider that these uses of personal data are necessary for the performance of a contract with the Company.

Your personal data will be used by us in order to:

  • Send autogenerated emails to the Company and test taker’s to notify them that an assessment is waiting and/or an assessment has been completed
  • administer the FirstMind Platform including troubleshooting, data analysis, testing, research, technical support, computer system processing, security, maintenance, activity verification, statistical and survey purposes;
  • as part of our efforts to keep the FirstMind Platform safe and secure;
  • notify you about changes to our service;
  • ensure that content from the FirstMind Platform is presented in the most effective manner and optimize for usage of computer, mobile device or other item of hardware through which Platform users access the Platform

We consider that these uses of personal data are necessary for the purposes of our legitimate interests in maintaining and administering the FirstMind Platform and marketing and developing our services.

Where the Company, Platform user and/or test taker have given us consent, we shall provide information about news and publications, which we think will be of interest. The consent can be withdrawn at any time, but without affecting the lawfulness of processing based on consent before its withdrawal. These details may be updated or change at any time by contacting us as given in “Contacting us” above.

We may also use aggregate information and statistics for the purpose of monitoring website usage and test research in order to help us develop the website and our services. These statistics will not include information that can be used to identify any individual.


In order to provide the FirstMind Platform service, we will need to share the Company’s, Platform users, and test taker’s personal information with authorized and approved subdata processors. These subdate processors includes and are limited to:

  • AWS (Amazon)
  • Heruko
  • Mailgun
  • Stripe

Subdata processor contracts must be in writing and imposed with the same obligations regarding handling of any subject therein as applies to the data processor under the Data Processing Agreement between FirstMind and the Company, as well as existing laws at any time.

Upon request from the Company, we share test taker’s personal data with any member of our corporate group for the member to deliver an ordered service (for example feedback to test taker)

We may also disclose personal information to third parties if we are under a duty to disclose or share personal information in order to comply with any legal obligation.


We store all information in electronic format. We use industry standard procedural security measures to protect information from the point of collection to the point of destruction. We use, as appropriate, encryption, firewalls, access controls, policies and other procedures to protect information from unauthorised access. Where appropriate, we use pseudonymisation, anonymization and / or encryption to protect your information

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Where data processing is carried out on our behalf by a third party, we will endeavour to ensure that appropriate security measures at least as stringent as those contained herein and in the Data Processing Agreement between FirstMind and the Company are in place including to prevent unauthorised disclosure of personal information.


FirstMind Ltd offices are currently only in the UK but as part of a growing international organisation we may end up having other offices around but not only subject to Europe. Authorised personnel may access personal information in any country in which we operate if permitted to do so by applicable law.

Regardless of where information is transferred, we shall ensure that the information is safe and shall take all steps necessary to put in place appropriate safeguards to ensure that information is treated securely and in accordance with this policy and applicable law.


Personal information received by us will be retained for the minimum period of time as required by law, after which time it will be destroyed in a secure manner. Please note that if personal information is shared with third parties (as detailed above) they may have different retention policies.


Under European Union data protection laws, you have the following rights:

  • Access.  You may contact us at any time in order to request access to the personal information we hold about you. We will confirm whether we are processing your personal data, provide details of the categories of personal data concerned and the reasons for our processing. We can also provide you with a copy of your personal information on request.
  • Rectification.  If the information we hold appears to be inaccurate we will not use it, and not allow others to use it, until it is verified. You can ask us to correct or complete your personal data by contacting us at any time.  To the extent possible, we will inform anyone who has received your personal data of any corrections we make to 
  • Restriction. In certain circumstances, it may be possible to require us to limit the way in which we process your personal information (i.e., require us to continue to store your personal data, but not otherwise process it without your consent).
  • Erasure.  You may ask to have the information on your account deleted or removed.  We will try to do so promptly, and, to the extent possible, we will inform anyone who has received your personal information of your request. However, we must keep track of certain transaction information, such as past purchases and similar information, for legal compliance purposes, so we may not be able to fully delete your information in certain circumstances.
  • Receiving/transferring your personal data. You may also ask us to send you the personal data we hold on you in an electronic, structured and user-friendly format, or you may ask us to send this data to another entity.  Please note that if you choose to ask us to send your personal data to you or another party, this may impact our ability to provide the products and services you requested.
  • Object.  Where we are processing your personal information without your consent to pursue our legitimate interests, you may object to us processing your personal data. In particular, where we are using your personal data to contact you for marketing purposes, you may object to such processing at any time.
  • Automated decision-making. You have the right to be informed of any automated decision-making, including profiling, used in connection with your personal data, and we will provide information about the logic we apply, as well as the significance and consequences of such processing.

Complaints. If you are located in the EEA and you believe that our processing of your personal data is in breach of data protection law, you have the right to lodge a complaint with the relevant data protection supervisory authority in the country where you are based or any place in the EEA where you believe the infringement has occurred. A list of EU national data protection authorities can be found here. You may also contact us at any time if you wish to complain about our processing of your personal data.


All parties can exercise any rights as described in this policy and under data protection laws by contacting the Data Protection Officer.

Save as provided under applicable data protection laws, there is no charge for the exercise of legal rights. However, if requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee (subject to any limits imposed by applicable law) taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request.

Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm their identity.


A cookie is a small amount of data which often includes a unique identifier that is sent to your computer or mobile phone (your “device”) from the FirstMind Platform and is stored on your device’s browser or hard drive.

The cookies we use on the FirstMind Platform won’t collect personally identifiable information about you and we won’t disclose information stored in cookies that we place on your device to third parties.

By continuing to browse the FirstMind Platform, you are agreeing to our use of cookies.

If you don’t want us to use cookies when you use the FirstMind Platform, you can set your internet browser not to accept cookies or use incognito mode. However, if you block cookies some of the features on the FirstMind Platform may not function as a result.

You can find more information about how to manage cookies for all the commonly used internet browsers by visiting This website will also explain how you can delete cookies which are already stored on your device.

For use where Google Analytics used only. We only use “Google Analytics” on this Site. This cookie provides us with a visitor count and an understanding of how visitors move around and use the website. We can then use this information to improve navigability and the Site generally. The cookies we use on the Site won’t collect personally identifiable information about you and we won’t disclose information stored in cookies that we place on your device to third parties.

Visitors to our Site can adjust their browsers to refuse cookies but if not adjusted, the Site will deliver the cookie as soon as the Site is visited. You can find more information about how to manage cookies for all the commonly used internet browsers by visiting  This website will also explain how you can delete cookies which are already stored on your device.

We are obliged by Google Analytics to state the following:

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above..


The FirstMind Platform contains links to other websites for ease of reference. We do not endorse any sites that are linked from the FirstMind Platform and do not assume any responsibility for the content of any such website.

You may not link the homepage or any other parts of this website without out prior written consent.

This policy was last reviewed and updated May 2022.

Thank you! Your subscription has been confirmed. You'll hear from us soon.