Privacy Policy
Last updated: 26 February 2026
1. Introduction
This Privacy Policy explains how Tema Resources Limited (Company No. 14485918), trading as ProfileTest.ai (“we”, “us”, “our”), collects, processes, stores, and protects personal data in accordance with:
• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Other applicable data protection laws
ProfileTest.ai provides personality profiling and behavioural intelligence infrastructure for businesses, coaches, enterprises, and individuals.
This policy applies to:
• Website visitors
• Account holders (Hosts)
• Individuals completing profiling diagnostics (“Test Takers”)
• Licensees
• Enterprise users
• Business contacts
2. Data Controller and Processor Roles
2.1 Platform-Level Data
For account registration, billing, technical operation, analytics, and platform administration, Tema Resources Limited acts as Data Controller.
2.2 Host-Deployed Systems
Where a Host deploys a profiling System to its own clients, employees, candidates, or customers:
• The Host acts as an independent Data Controller for that processing.
• We act as a Data Processor on behalf of the Host.
• Where acting as Processor, we process data solely on documented instructions from the Host unless required by law.
In such cases:
• The Host is responsible for providing privacy notices to Test Takers.
• The Host must establish a lawful basis for processing.
• The Host must respond to data subject rights requests relating to their deployment.
Where profiling diagnostics are presented to Test Takers, appropriate transparency information is provided at or before the point of data collection.
We process data only in accordance with the Host’s documented instructions and our contractual arrangements, unless otherwise required by law.
3. Categories of Personal Data
We may process the following categories:
Identity Data: Name, date of birth, username.
Contact Data: Email address, phone number, address.
Account Data: Login credentials, account preferences.
Billing and Transaction Data: Payment details (processed via third-party providers), subscription history.
Technical Data: IP address, device identifiers, browser type, usage logs, cookies.
Behavioural Profiling Data: Responses to diagnostic questions, scoring outputs, behavioural insights, generated reports, dashboard metrics.
Marketing Data: Communication preferences and subscription settings.
We do not intentionally collect: Special category data (health, race, religion, biometric data, etc.)
Criminal conviction data: We do not intentionally collect such data. If inadvertently provided, it will not be used for profiling and may be deleted.
4. Profiling and Decision Support
The Platform uses profiling within the meaning of UK GDPR.
Profiling is used to:
• Analyse behavioural responses
• Generate structured personality insights
• Produce reports and dashboards
• Support human-led decision making
We do not conduct fully automated decision-making that produces legal or similarly significant effects without meaningful human involvement.
All outputs are advisory and informational in nature.
We do not make decisions based solely on automated processing that produce legal effects or similarly significant effects concerning individuals.
5. Lawful Bases for Processing
We rely on:
Contractual Necessity: To provide services under account agreements.
Legitimate Interests: To operate, improve, secure, and scale the Platform.
Where Legitimate Interests are relied upon, we conduct and document balancing assessments to ensure that such interests do not override the rights and freedoms of individuals.
Consent: For marketing communications and optional features where required.
Legal Obligation: Where required to comply with law.
Where we act as Processor for Hosts, the Host determines the lawful basis for their deployment.
Behavioural profiling data: is processed primarily under Contractual Necessity (where the individual or Host has requested the diagnostic) or under the Host’s determined lawful basis where we act as Processor.
6. How We Use Personal Data
We use personal data to:
• Provide Platform access
• Deliver profiling diagnostics and reports
• Process payments
• Maintain security and prevent fraud
• Provide support
• Monitor performance
• Improve platform functionality
• Conduct research using anonymised and aggregated data
Aggregated data does not identify individuals.
We may use anonymised behavioural trend data for product development and analytics. Where data is anonymised, it is processed in a manner that no longer permits identification of individuals. Where data is pseudonymised, additional safeguards are applied.
We process only the minimum personal data necessary to achieve the stated purposes and do not process data for incompatible purposes without notice and lawful basis.
We do not sell personal data, engage in behavioural advertising based on profiling results, or share profiling outputs with third-party advertisers.
A current list of key sub-processors is available upon request. Sub-processors are appointed in accordance with Article 28 UK GDPR.
7. Sub-Processors and Third Parties
We may engage sub-processors for:
• Cloud hosting
• Payment processing
• Email communications
• Infrastructure support
• Security monitoring
All sub-processors are contractually required to implement appropriate security measures.
We may also disclose personal data:
• To regulatory authorities if legally required
• In connection with business restructuring or sale
• To enforce our contractual rights
We do not sell personal data.
A current list of key sub-processors is available upon request.
8. International Transfers
Personal data may be processed outside the United Kingdom.
Where transferred to countries without adequacy decisions, we implement appropriate safeguards including Standard Contractual Clauses or equivalent protections.
9. Data Retention
We retain personal data only as long as necessary to:
• Fulfil contractual obligations
• Meet legal requirements
• Maintain legitimate business records
• Resolve disputes
Test Taker data processed on behalf of a Host is retained in accordance with the Host’s instructions.
We may retain limited technical logs for security purposes.
Account data is typically retained for the duration of the active subscription and for a limited period thereafter for audit and legal compliance purposes. Billing records are retained in accordance with statutory financial record-keeping requirements.
Upon termination of a Host engagement, personal data processed on behalf of the Host will be deleted or returned in accordance with contractual arrangements.
10. Security Measures
We implement appropriate technical and organisational safeguards including:
• Encrypted connections
• Access controls
• Role-based permissions
• Secure hosting environments
• Regular updates and monitoring
• Backup and recovery procedures
While no system is completely secure, we take commercially reasonable steps to protect personal data.
We implement data protection by design and by default principles in the development and deployment of our systems.
11. Data Breaches
In the event of a personal data breach:
• We will investigate promptly.
• Where required, we will notify the relevant supervisory authority.
• Where acting as Processor, we will notify the Host without undue delay.
• Where required, affected individuals will be notified in accordance with applicable law.
12. Data Subject Rights
Individuals have the right to:
• Access personal data
• Rectify inaccuracies
• Request erasure
• Restrict processing
• Object to processing
• Data portability
Where we act as Processor, requests relating to Host-deployed systems may be referred to the Host as Data Controller.
We may request verification of identity before fulfilling requests.
