Book a demo

Updated January 2024

Privacy Policy

Codility Limited (“we,” “us” or “our”) is committed to protecting and respecting your privacy. This Privacy Policy sets out how we collect, use and share information which identifies you or is associated with you (“personal information”).

Please read this Privacy Policy carefully to understand our views and practices regarding your personal information and how we will treat it. By setting up an account with us or using and accessing https://codility.com (the “Service”), you consent to the use of your personal information as described in this Privacy Policy.

For the purpose of the EU General Data Protection Regulation 2016/679 (the GDPR), the data controller is Codility Limited. Our registered office is at 9th Floor, 107 Cheapside, London, United Kingdom EC2V 6DN. Our company registration number is 07048726.

Codility Limited is registered as a data controller with the UK’s Information Commissioner’s Office (the ICO), registration number ZA440192. The ICO is selected as Codility’s designated independent dispute resolution body to address complaints and provide appropriate recourse free of charge to individuals. The ICO can be contacted via www.ico.org.uk.

Codility process personal data for processing purpose within the European Economic Area to a country outside the European Economic Area. The Parties shall ensure that the personal data are adequately protected. To achieve this, the Parties shall, unless agreed otherwise, rely on EU approved standard contractual clauses for the transfer of personal data.

Individuals with inquiries or complaints regarding Data Privacy should first contact Codility Ltd at: [email protected]

You should also be aware that we use cookies to store and access information whilst providing the Service. You can find out more about our use of cookies in our Cookie Policy.

The Service may, from time to time, contain links to and from the websites of our employer partners, partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

1. Information We May Collect

We collect the categories of information set out in sections a. to e. below when you use the Service.

  1. Information we collect directly from you:

We collect information from you when you submit information to us or the Service. The following are examples of when we may collect information directly from you:

  • Account and test access information such as name, email address, telephone number, work and educational information, details about your professional interests, professional experience and your academic title.
  • If you submit your CV, we will store any personal data not listed above that you include on your CV.
  • When you fill in and submit forms on the Service, including forms submitted at the time of registering to use our Service, conducting assessments, reporting a problem with the Service or requesting further information from us.
  • When you contact us via online submission, telephone, electronic mail or regular mail, we may keep a record of that correspondence.
  • When you complete surveys via the Service.
  • When you post comments or opinions to us on the Service or third party website where we have a profile or presence (e.g. on our Facebook page).

You are not required to provide your personal information, but you will be unable to use parts of the Service if you do not.

2. Information from the organisation that creates your profile on the Service

If you are provided with login details to access the Service through an organisation’s account, that organisation may provide us with details to create a profile for you on the Service. This can include information such as your name, job title, work telephone number and email address.

3. Information about how you use the Service

We collect information about how you use the Service such the time you access the Service and duration you are on it, the site you come to the Service from or go to after leaving the Service, selections and choices you make and preferences that you set when using the Service as well as any data you input while conducting any assessment on the Service.

4. Information about how you connect to the Service

We collect information about the computer or other electronic device (“device”) you use to connect to the Service such as details about the type of device (which can include unique device identifying numbers), its operating system, browser and applications connected to the Service through the device, your Internet service provider or mobile network, your IP address and your devices telephone number (if it has one). Additionally, we use third party analytics services such as HotJar and Google Analytics to help us analyze usage of our Service. Through this, such third parties receive certain information regarding your usage of the Service. This information may include information about your device, your geographic location, referring domain, what pages you access on the Service (and when and for how long), what links you click, mouse movements and scrolling behaviors. HotJar also uses cookies to collect non-personal information including standard internet log information and details of your behavioural patterns upon visiting our website pages. You can find out more about HotJar’s information collection practices at https://www.hotjar.com/privacy, and information about opting out of HotJar at https://www.hotjar.com/opt-out and Google Analytics at https://tools.google.com/dlpage/gaoptout.

5. Information about your actual location

We do not collect information about your actual location, other than an approximate location (usually no more precise than city level) which can be determined from your IP address. In certain instances we may use cookies and similar technologies to store and access information we collect through the Service. You can find out more about our use of cookies in our Cookie Policy.

2. Where We Transfer and Store Your Personal Information

The information we collect directly from you, including information about how you use the Service and about how you connect to Service may be transferred and stored outside the European Economic Area (“EEA”) in a country that may not have the same level of data protection laws as your country. Any transfers of personal data outside the EEA are made in compliance with the GDPR with lawful mechanisms in place (such as the Standard Clauses approved by the EU Commission) that provide both appropriate safeguards and enforceable data subject rights with effective legal remedies. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or any of our employer clients. Such staff maybe engaged in, among other things, third party analytics (as described above), the provision of support services to us or the assessment of your candidacy. By using the Service you consent to any transfer, storage or processing of your personal information outside of your country. We will take all steps reasonably necessary to ensure that personal information is treated securely and in accordance with this Privacy Policy.

Codility complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Codility has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Codility commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

  1. Liability in Cases of Onward Transfers to Third Parties

In compliance with the Data Privacy Framework (DPF) Principles, we are committed to informing our users about our practices regarding the transfer of personal information to third parties.

Accountability for Onward Transfer: In the event that we transfer personal information to a third party acting as a controller, we adhere to the Notice and Choice Principles of the DPF. This means that we provide clear notice to our users about such transfers and offer a choice where appropriate.

Responsibility and Liability: In accordance with the Recourse, Enforcement, and Liability Principle of the DPF, our organization takes responsibility for the processing of personal information we receive under the DPF Principles and subsequently transfer to a third party acting as an agent on our behalf. We shall remain liable if our agent processes such personal information in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.

Current Transfer Practices: As of now, our organization does not transfer personal information to third parties. However, should this practice change in the future, we will update our policy accordingly and ensure compliance with the DPF Principles.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF , Codility commits to resolve DPF Principles-related complaints about our collection and use of your personal information.  EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF  should first contact Codility at: [email protected] 

“In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Codility commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to Codility, an alternative dispute resolution provider based in the United States, the European Union, the United Kingdom. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://ec.europa.eu/consumers/odr. for more information or to file a complaint. The services of Privacy Trust Solutions are provided at no cost to you.” 

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Codility commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

All information you provide to us is stored on a third party’s secure servers providing data hosting services to us under our control or on computers of Codility Limited or computers of our subsidiary Codility Polska Sp., z.o.o.. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Service, you are solely responsible for keeping this password confidential. If the password has been stolen or might otherwise be subject to misuse, it is your responsibility to notify us immediately for further action.

In order to provide a comprehensive and effective service to our customers and to the high-tech community as a whole, personal data may be transferred to third parties who provide services to Codility that include email distribution, customer relationship management, sales opportunity management, sales reporting, sales forecasting and customer feedback applications.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. For more information about how we safeguard personal information, contact us at [email protected].

3. Government Oversight, Disclosure, and Accountability

Codility recognizes its responsibility to adhere to the EU-U.S. Data Privacy Framework (EU-U.S. DPF). Principles while being subject to oversight and enforcement by the Federal Trade Commission (FTC).

I. Federal Trade Commission (FTC) Oversight: Codility acknowledge the FTC’s authority to monitor and enforce our compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), reinforcing our commitment to data privacy.

II. Lawful Requests by public authorities, including to meet national security or law enforcement requirements: Codility acknowledges that in some situations, we may be legally obligated to disclose personal information in response to valid requests from public authorities. This includes cases involving national security or law enforcement requirements. Such disclosures will be conducted with due process and in accordance with relevant laws.

While we strive to protect your personal information, certain legal requirements might necessitate disclosures. We will make reasonable efforts to notify you about such disclosures, unless prohibited by law. Our commitment to safeguarding your data remains steadfast, and we will only disclose information when mandated by lawful processes.

4. Uses Made of the Information We Collect

We use the information we collect in the following ways:

  • To manage your account and provide you with the features of the Service, validate and keep your personal information accurate. We will use information we collect directly from you for this purpose.
  • To improve the Service and to ensure that content from the Service is presented in the most effective manner for you and for your device and to display content and features that are tailored to you, your interests and how you use the Service. We will use information we collect directly from you, information about how you use the Service and information about how you connect to the Service for this purpose.
  • To provide you with information about products or services that you request from us or which we feel may interest you (in accordance with your marketing preferences). We will use information we collect directly from you for this purpose.
  • To determine and predict information that may be of interest or relevant to you. We will use information we collect directly from you, information about how you use the Service and information about how you connect to the Service for this purpose.
  • To carry out our obligations arising from any agreements entered into between you and us, you agree that we may provide your test results to our employer clients for the purpose of allowing them to evaluate any test you have taken. We will use information we collect directly from you, information about how you use the Service and information about how you connect to the Service for this purpose.
  • To notify you about changes to the Service and address complaints, comments and issues you have in relation to your use of the Service. We will use information we collect directly from you for this purpose.
  • To prevent, detect and investigate illegal activities, breaches of any agreements entered into between you and us and threats to the security of the Service. We will use information we collect directly from you, information about how you use the Service and information about how you connect to the Service for this purpose.
  • To produce aggregate statistical information and analytics about users of and their submissions to the Service from which individuals cannot be identified.
  • For more information about how Codility uses personal data see our Data Privacy Notice.

5. Disclosure of Personal Information

We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries and the employees, agents, officers, directors and contractors of the foregoing entities. These companies will only use your personal information in the same way as we can under this Privacy Policy. Codility has in place robust contracts and data processing agreements with all its processors and sub-processors, these provide legal frameworks for the sharing of personal data in line with the Article 28 of the GDPR.

We may disclose your personal information to third parties:

  • Who provide a service to us. These third parties will only be allowed to use your personal information in accordance with our instructions and will be required to keep your information secure.
  • In the event that we sell or buy or transfer any business or assets (in part or whole), in which case we may disclose your personal information to the prospective seller, buyer or recipient of such business or assets.
  • In order to respond to a subpoena, court order or other legal duty or obligation (including without limitations requests or demands from law enforcement and government authorities and regulators).
  • In order to investigate, prevent, or take action regarding suspected or actual prohibited activities, including but not limited to, fraud and situations involving potential threats to the physical safety of any person or to prevent financial loss to any person or entity, including Codility Ltd, its customers, clients, and other parties.
  • In order to enforce or apply any agreement we have with you.
  • Business partners who offer a service to you jointly with us. For example, this includes the employer clients of ours whose assessments you have undertaken.

6. Your Marketing Rights

You have the right to ask us not to process the personal information for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at [email protected].

7. Cookies

We or online advertising networks that we partner with may use cookies to make sure advertisements and content you see online are more relevant to you. Cookies will be stored based on your consent as gathered by our separate Cookies Tool. If you have provided consent to our storage of cookies, you can withdraw it at any time by accessing our Cookies Tool Cookies Settings . In certain cases, cookies may be stored where we are not required to obtain your consent and do not do so, for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price. To learn more about cookies and how to manage them read our Cookie Policy. Our Service does not currently respond to “do not track” browser headers.

8. Access to and Control of Personal Information

You have the right to access, review, update, correct, or delete the personal information held about you. In some circumstances you may also have the right to restrict or object to processing and to receive your personal information in a portable form. Under certain conditions, you may have the right to invoke binding arbitration. To exercise these rights contact [email protected].

9. Lawful Bases for Processing

We only collect and process personal information where we have a lawful basis. Lawful bases include consent (where you have given consent), contract (where processing is necessary to perform a contract with you, e.g. to deliver the Service), legal obligation (where processing is necessary to comply with the law), and our legitimate interests (e.g. to protect us and you, to comply with applicable laws, to administer and improve our business, and for our direct marketing purposes).

Where our processing of personal information is based on consent, you have the right to withdraw your consent at any time, and where we rely on legitimate interests, you have the right to object. To exercise these rights contact [email protected].

10. Retention of Personal Information

We retain your personal information to provide our Service and as described in this Privacy Policy. Data is fully accessible on the platform for up to six months. We may retain information longer if required by law.

11. Changes to our Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on this page. We may change, modify, add or remove portions of this Privacy Policy at any time. We will use reasonable endeavours to inform you of any material changes when they occur. We may do this by email or notice on the site as we consider appropriate. Any changes will be updated on this Privacy Policy page. You should periodically review our Privacy Policy page for any such changes and can object to them by no longer using or accessing the Service. Please further note, depending on your particular interaction with us, different portions of this Privacy Policy may apply to you at different times.

12. Contact

Questions, comments and requests regarding this privacy policy are welcome and should be addressed to [email protected].

You may contact our Data Protection Officer at [email protected]. You may also have the right to lodge a complaint with a supervisory authority in the EU as described in Article 77 of the GDPR.

13. Data Protection Requirements

Codility is committed to adhering to the data protection requirements of the Standard Contractual Clauses, the European Data Protection Board, the European Commission, and any other obligations applicable to Codility by other data protection authorities (including EU General Data Protection Regulations and the California Consumer Privacy Act).