Right Management India Privacy Notice for RightAssess

Privacy Notice

Last Updated on 1st Feb 2026

This Privacy Notice explains what you can expect regarding the collection and use of personal information by Right Management (RMI) India Pvt. Limited, hereinafter referred as the "Data Controller", “We”, “Our” “Us”, or “RMI” when using RightAssess services.

In general, our privacy practices conform with India’s Digital Personal Data Protection Act (DPDPA) 2023, and where applicable, incorporate provisions of the European Union’s General Data Protection Regulation (EU GDPR).

Who this Notice Applies to

This Privacy Notice applies to users of RMI’s RightAssess services at https://rightassess.ai/ (“Site”) or client representatives who contracted with us to sponsor users of RightAssess services.

This Privacy Notice does not apply to our RMI employees, who are individuals employed by RMI and who work directly for RMI.

Information We Collect

Depending on our relationship with you, we will collect personal information about you through your use of our Site and related communications.

We may collect the following types of personal information (as permitted under local law and with consent where necessary) based on your roles in utilising RightAssess:

  1. General (Applicable to all Users)
    • Information to identify you, such as your name and, if you register on our Site, your username and password;
    • contact information, such as postal address, email address and telephone number;
    • information about the organization you work for, your job title and/or department and the city/state/country or region you work in;
    • device information and browser locale preferences, e.g. your language and time zone;
    • dates, timestamps, and other records of our interactions with you and your usage of our Site;
    • other information you may provide to us, such as in surveys or through the "Contact Us" feature on our Site.
  2. Individual undertaking digital assessments on RightAssess such as cognitive tests, personality assessments, situational judgment tests and technical assessments:
    • Camera snapshots and videos of you, including facial features;
    • Audio recording of you taking the assessments;
    • IP addresses of the device you use to undertake the assessments;
    • Information of the browser you use for the assessments;
    • Screen capture of your device during assessments;
    • Answers you provide to the assessment questions, or other work you are asked to submit as part of your assessment tasks;
    • Aggregate scores of your assessments.

How We Use the Information We Collect

We use the data collected for the following purposes (dependant on our relationship with you and as permitted under local law):

  1. identifying you and/or authenticating your identity;
  2. sending you updates and notifications regarding the services you are receiving, and other related communications;
  3. creating and managing online accounts and optimizing and personalizing your user experience;
  4. assessing candidate’s cognition, skillsets, personality for different job roles.
  5. responding to queries, claims, and requests for assistance;
  6. performing data analytics, such as;
    • analysing platform usage across our users,
    • assessing individual performance and capabilities, including scoring on work-related skills,
    • identifying skill shortages,
    • analysing pipeline data (trends regarding hiring practices),
    • determining the effectiveness of our engagement strategy,
    • determining the effectiveness of our products and services, and
    • aggregating data as part of our analytics efforts;
    • operating, evaluating, and improving our services;
    • auditing our interactions, transactions, accounting and other internal compliance functions; and
    • protecting against, identifying, and seeking to prevent fraud, deceptive practices and other unlawful activity, claims and other liabilities.
  7. enhancing the security of our network and information systems;
  8. complying with and enforcing applicable legal requirements, exercise or defence of legal claims, relevant industry standards, contractual obligations, and our policies;
  9. managing our client, vendor, and business partner relationships;
  10. communicating around the services we offer, programs, special events, offers, surveys, evaluations, and market research - if you are a vendor representative, business partner or client representative; and
  11. processing payments and invoices

We also may use the information in other ways for which we provide specific notice at, or prior to, the time of collection.

If we plan to use your personal information for a new purpose that differs significantly from the one originally disclosed or share it with a third party not outlined in this Privacy Notice, RMI will provide you the option to decide if you wish to proceed with this use or disclosure.

All processing will be carried out based on adequate legal grounds which may fall into a number of categories, including:

  • consent or explicit consent from the data subject, where required by applicable law;
  • contractual requirement or any pre-contractual requirement necessary to enter into a contract;
  • legal obligation, to the extent the processing is necessary to help us comply with our legal and regulatory obligations;
  • vital interests, where the processing is necessary to protect life; or
  • it is essential and necessary for the legitimate business purpose of the Data Controller, as described in more detail below (e.g. allowing access to a website in order to provide the services offered).

Legitimate Business Interest

Depending on the privacy laws that apply, the Data Controller is permitted to process personal data for certain legitimate business interests, which can include some or all of the following:

  • Where the process enables us to enhance, modify, personalize, or otherwise improve our services/communications for the benefit of our clients, candidates, and associates;
  • to identify and prevent fraud;
  • to enhance security of our network and information systems;
  • to better understand how people interact with our websites;
  • for direct marketing purposes;
  • to provide postal communications to you which we think will be of interest to you; and
  • to determine the effectiveness of promotional campaigns and advertising.

Whenever we process data for these interests, we will ensure that we keep your rights in high regard and take account of these rights. You can object to such processing and may do so by contacting us as described below. Please bear in mind that if you exercise your right to object, this may affect our ability to carry out and deliver services to you for your benefit.

How We Protect Personal Information

We maintain administrative, technical, and physical safeguards designed to protect the personal data we collect against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. Such measures are designed to provide an appropriate level of security taking account, on one hand, the technical state of the art and, on the other hand, the sensitivity of the personal data and the evaluation of potential risks.

To provide the appropriate security and confidentiality of personal data, we apply the following non-exhaustive list of measures, as appropriate:

  • Encryption of data at rest and in transit using industry standard encryption algorithms with appropriate key lengths;
  • Strong user authentication and role-based access controls;
  • Network monitoring solutions with events logging;
  • Hardened network infrastructure;
  • Measures for ensuring physical security of locations at which personal data are processed;
  • Business continuity and disaster recovery plans with periodic testing;
  • Incident management policy and processes;
  • Periodic vulnerability and penetration testing;
  • Certification/assurance of processes and products;
  • Periodic employee privacy and security training and awareness program;
  • Third party privacy and security assessments;
  • Robust data processing and confidentiality agreements; and
  • Organizational measures for ensuring data minimization, purpose limitation, retention, data quality and accountability.

How Long We Store the Data We Collect

We process the personal data we collect, also by automated means, for the purposes defined above and for a specific period of time, which complies with our internal retention policy, in order to ensure that the personal data are not kept longer than necessary.

The personal information we collect is stored in an identifiable way only for the period of time we have determined is necessary, in light of the purposes for which the data was collected. We use the following criteria to determine our retention periods:

  • The necessity to retain the personal data collected, in order to offer services established with the user;
  • The legitimate interest of the Data Controller, as described above; and
  • The existence of specific country or state legal obligations that make the processing and related storage necessary for specific period of times.

For purposes of record keeping, any assessment carried out in RightAssess will be retained for up to 12 months after the event but other personal information, e.g., username, password, your full name etc., about you will continue to be retained until the end of the agreement we have with the sponsoring client that referred you to use RightAssess.

Information We Disclose

We may disclose the personal data collected, as described in this privacy notice, or in separate notices provided in connection with the services you are receiving or eligible for.

If you are a test-taker taking assessments sponsored by a client, we will disclose the questions, your answers you provided to the questions and the scores to the client, who may or may not make decisions about you after our disclosure. Please be informed we are engaged by the sponsoring client to provide you with the platform to take the test. We have no control or influence over decisions the sponsoring client makes about you, before or after the test. If you have any questions other than the assessment you have taken or about to take, please reach out to the sponsoring client.

We may disclose a portion of personal data to vendors who perform services on our behalf, based on our instructions, to make our Sites and services available to you. Those vendors can include IT service and cloud providers and assessment providers. We strive to ensure this data is minimized to what is necessary to perform the specific services instructed. We do not authorize vendors, that process data on our behalf, to use or disclose the information except as necessary to perform services or comply with legal requirements. Personal data will not be sold, rented, distributed or made available to vendors for their own commercial purposes, including for their direct marketing purposes.

We also may disclose your personal data (i) with our subsidiaries and affiliates; and (ii) if you are a recipient of talent management services, we may disclose the status or progress of your program to the sponsoring client, along with any applicable assessment outcomes.

In addition, we may disclose personal data about you (i) if we are required to do so by law or legal process; (ii) to law enforcement authorities or other government officials based on a lawful disclosure request; and (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity. We also reserve the right to transfer personal data we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation).

Data Transfers

We may transfer the personal data we collect about you to countries outside of India where we store your information. Those countries may not have the same data protection laws as India in which you initially provided the personal data.

When we transfer your information to other countries, we will protect that data as described in this Privacy Notice and any other specific notice given to you at the time of, or prior to, the processing. Such transfers will comply with applicable law.

Subject to applicable law, you may obtain a copy of these safeguards by contacting us as indicated in the How to Contact Us section below.

Your Privacy Rights and Choices

When authorized by applicable law, you may exercise specific rights, such as:

  1. Right of access: You have the right to obtain confirmation about whether personal data concerning you is being processed, and, where that is the case, to understand what personal data belonging to you that we hold and provide you with access to it.
  2. Right to rectification: You have the right to request we correct or update of any inaccurate or incomplete data held about you, in order to protect the accuracy of such information and to adapt it to the data processing.
  3. Right to erasure: you have the right to request that we delete and/or destroy information about you and no longer process that data. There might be latency in deleting information from servers and backed-up versions might exist for a short period after account deletion. Please note that erasure is not an absolute right; there may be legal or regulatory reasons to retain some, or all, of the data collected and this will be made clear to you if this is the case, for example to comply with our tax and accounting regulations.
  4. Right to restriction of processing: You may request that the Data Controller restricts the processing of your data.
  5. Right to data portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. You have the right to request we transmit this data directly to another data controller/business.
  6. Right to object: A data subject who provide a Data Controller with personal data may object, at any time, to the data processing on a number of grounds as set out under applicable laws, without needing to justify his or her decision. If you object, the previous processing of data will remain lawful.
  7. Right not to be subject of automated individual decision-making: You have the right not to be a subject of automated decision-making i.e. a decision based solely on automated processing, including profiling, if such profiling/decision-making produces a legal or similarly significant effect on or against you.
  8. Right to Opt-Out of the selling and sharing of your personal information: please note, we do not and will not sell or share your personal information.
  9. Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority in the country or state of your habitual residence, place of work or place of the alleged infringement, if you consider the processing of your personal data infringes privacy law.
  10. Whenever processing of your personal information is based on consent, you have the right to withdraw your consent at any time. There may be circumstances where we will still need to process your data for legal or official reasons after you withdraw your consent; where this is the case, we will restrict the data to what is necessary for the purpose of meeting those requirements. Any withdrawal of consent will not affect the lawfulness of the processing before its withdrawal.
  11. Right to Nominate: In case of death or incapacity, you can nominate an individual on your behalf to exercise privacy rights.
  12. Right of Grievance Redressal: At any time, you can reach out to us on [email protected] so that your grievances can be addressed if any.

If you require more information about the processing of your personal data, please refer to the How to Contact Us section below.

How to Exercise your Privacy Rights and Choices

If you wish to exercise any of your data privacy rights or choices that you cannot perform yourself, you can do so via our Privacy Request Portal.

One of our team may contact you directly, or via our secure online portal, to verify your email address and thereafter your identity, before we provide access, modify or erase your data. As part of this ID verification process you may be asked to provide a government issued ID and/or utility bill. We will permanently delete the verification information that you provide promptly after we have completed the verification process.

We are only required to respond to requests that are verifiable and legitimate. If we cannot verify your identity based on the processes described above, we may ask you for additional verification information. We will not use that information for any purpose other than verification. If we cannot verify your identity to a sufficient level of certainty to respond to your request, we will let you know promptly and explain why we cannot verify your identity and process your request.

Privacy Rights Requests by Authorized Parties

You may designate an authorized representative to exercise your rights on your behalf. If an authorized representative submits a request on your behalf, they must also submit a document signed by you that authorizes your representative to submit the request on your behalf.

In addition, we may ask that both you, and your representative, follow the applicable process described above for identity verification.

ManpowerGroup’s Non-Discrimination Policy

Users of our Sites and services will not be subject to discriminatory treatment for exercising their privacy rights.

Please bear in mind that exercising some rights, like erasure, consent withdrawal or your right to object, may affect our ability to carry out and deliver some, or all, of the services you are eligible for.

Updates to Our Privacy Notice

From time to time, we may modify this Privacy Notice to reflect changes in technology, privacy practices and legal updates, or for other continuous improvement purposes. For significant changes, we will notify you by indicating at the top of each notice when it was most recently updated.

If we add additional services, or modify existing services, that we believe materially changes the nature of the processing you have been made aware of in this privacy notice and associated privacy notices provided to you in the delivery of our services, we will make reasonable efforts to provide you with additional notice. Depending on the reason for modification, we may also ask you to affirmatively consent to the changes. By continuing to use the services after such notice and/or consent, you agree to the terms of the revised Privacy Notice.

How to Contact Us

If you have any questions or comments about this Privacy Notice, or if you would like to exercise your rights, please submit a request through our Privacy Request Portal.

Alternatively, you can write to us at the email or address below:

ManpowerGroup India c/o Right Management India Pvt Ltd

Attn: Data Protection Manager ([email protected])

6th Floor, Vatika City Point, Sector 25, MG Road,

Gururgram – 122002

India

Privacy policy Contact us Right Management

© RightAssess 2024. All rights reserved.