Privacy Policy

1. Information We May Collect

We collect the categories of information set out in sections a. to e. below when you
use the Service.

1. Information we collect directly from you:

We collect information from you when you submit information to us or the Service.
The following are examples of when we may collect information directly from you:

• Account and test access information such as name,
  email address, telephone number, work and educational information, details about your professional
  interests, professional experience and your academic title.
• If you submit your CV, we will store any personal
  data not listed above that you include on your CV.
• When you fill in and submit forms on the Service,
  including forms submitted at the time of registering to use our Service, conducting assessments,
  reporting a problem with the Service or requesting further information from us.
• When you contact us via online submission,
  telephone, electronic mail or regular mail, we may keep a record of that correspondence.
• When you complete surveys via the Service.
• When you post comments or opinions to us on the
  Service or third party website where we have a profile or presence (e.g. on our Facebook page).

You are not required to provide your personal information, but you will be unable to
use parts of the Service if you do not.

     2. Information from the organisation that creates your profile on the
Service

If you are provided with login details to access the Service through an
organisation’s account, that organisation may provide us with details to create a profile for you on the
Service. This can include information such as your name, job title, work telephone number and email address.

     3. Information about how you use the Service

We collect information about how you use the Service such the time you access the
Service and duration you are on it, the site you come to the Service from or go to after leaving the Service,
selections and choices you make and preferences that you set when using the Service as well as any data you
input while conducting any assessment on the Service.

     4. Information about how you connect to the Service

We collect information about the computer or other electronic device (“device”) you
use to connect to the Service such as details about the type of device (which can include unique device
identifying numbers), its operating system, browser and applications connected to the Service through the
device, your Internet service provider or mobile network, your IP address and your devices telephone number (if
it has one). Additionally, we use third party analytics services such as HotJar and Google Analytics to help us
analyze usage of our Service. Through this, such third parties receive certain information regarding your usage
of the Service. This information may include information about your device, your geographic location, referring
domain, what pages you access on the Service (and when and for how long), what links you click, mouse movements
and scrolling behaviors. HotJar also uses cookies to collect non-personal information including standard
internet log information and details of your behavioural patterns upon visiting our website pages. You can find
out more about HotJar’s information collection practices at https://www.hotjar.com/privacy, and
information about opting out of HotJar at https://www.hotjar.com/opt-out and
Google Analytics at https://tools.google.com/dlpage/gaoptout.

     5. Information about your actual location

We do not collect information about your actual location, other than an approximate
location (usually no more precise than city level) which can be determined from your IP address. In certain
instances we may use cookies and similar technologies to store and access information we collect through the
Service. You can find out more about our use of cookies in our Cookie Policy.

2. Where We Transfer and Store Your Personal Information

The information we collect directly from you, including information about how you
use the Service and about how you connect to Service may be transferred and stored outside the European Economic
Area (“EEA”) in a country that may not have the same level of data protection laws as your country. Any
transfers of personal data outside the EEA are made in compliance with the GDPR with lawful mechanisms in place
(such as the Standard Clauses approved by the EU Commission) that provide both appropriate safeguards and
enforceable data subject rights with effective legal remedies. It may also be processed by staff operating
outside the EEA who work for us or for one of our suppliers or any of our employer clients. Such staff maybe
engaged in, among other things, third party analytics (as described above), the provision of support services to
us or the assessment of your candidacy. By using the Service you consent to any transfer, storage or processing
of your personal information outside of your country. We will take all steps reasonably necessary to ensure that
personal information is treated securely and in accordance with this Privacy Policy.

Codility complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK
Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Codility
has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework
Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European
Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is
any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall
govern.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please
visit https://www.dataprivacyframework.gov/

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Codility
commits to cooperate and comply respectively with the advice of the panel established by the EU data protection
authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints
concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the
EU-U.S. DPF.

All information you provide to us is stored on a third party’s secure servers
providing data hosting services to us under our control or on computers of Codility Limited or computers of our
subsidiary Codility Polska Sp., z.o.o.. Where we have given you (or where you have chosen) a password which
enables you to access certain parts of the Service, you are solely responsible for keeping this password
confidential. If the password has been stolen or might otherwise be subject to misuse, it is your responsibility
to notify us immediately for further action.

In order to provide a comprehensive and effective service to our customers and to
the high-tech community as a whole, personal data may be transferred to third parties who provide services to
Codility that include email distribution, customer relationship management, sales opportunity management, sales
reporting, sales forecasting and customer feedback applications.

Unfortunately, the transmission of information via the internet is not completely
secure. Although we will do our best to protect your personal information, we cannot guarantee the security of
your personal information transmitted to our site; any transmission is at your own risk. Once we have received
your information, we will use strict procedures and security features to try to prevent unauthorised access. For
more information about how we safeguard personal information, contact us at [email protected].

3. Uses Made of the Information We Collect

We use the information we collect in the following ways:

• To manage your account and provide you with the
  features of the Service, validate and keep your personal information accurate. We will use information
  we collect directly from you for this purpose.
  
• To improve the Service and to ensure that content
  from the Service is presented in the most effective manner for you and for your device and to display
  content and features that are tailored to you, your interests and how you use the Service. We will use
  information we collect directly from you, information about how you use the Service and information
  about how you connect to the Service for this purpose.
  
• To provide you with information about products or
  services that you request from us or which we feel may interest you (in accordance with your marketing
  preferences). We will use information we collect directly from you for this purpose.
  
• To determine and predict information that may be
  of interest or relevant to you. We will use information we collect directly from you, information about
  how you use the Service and information about how you connect to the Service for this purpose.
  
• To carry out our obligations arising from any
  agreements entered into between you and us, you agree that we may provide your test results to our
  employer clients for the purpose of allowing them to evaluate any test you have taken. We will use
  information we collect directly from you, information about how you use the Service and information
  about how you connect to the Service for this purpose.
  
• To notify you about changes to the Service and
  address complaints, comments and issues you have in relation to your use of the Service. We will use
  information we collect directly from you for this purpose.
  
• To prevent, detect and investigate illegal
  activities, breaches of any agreements entered into between you and us and threats to the security of
  the Service. We will use information we collect directly from you, information about how you use the
  Service and information about how you connect to the Service for this purpose.
  
• To produce aggregate statistical information and
  analytics about users of and their submissions to the Service from which individuals cannot be
  identified.
  
• For more information about how Codility uses
  personal data see our Data Privacy
  Notice.

4. Disclosure of Personal Information

We may disclose your personal information to any member of our group, which means
our subsidiaries, our ultimate holding company and its subsidiaries and the employees, agents, officers,
directors and contractors of the foregoing entities. These companies will only use your personal information in
the same way as we can under this Privacy Policy. Codility has in place robust contracts and data processing
agreements with all its processors and sub-processors, these provide legal frameworks for the sharing of
personal data in line with the Article 28 of the GDPR.

We may disclose your personal information to third parties:

• Who provide a service to us. These third parties
  will only be allowed to use your personal information in accordance with our instructions and will be
  required to keep your information secure.
  
• In the event that we sell or buy or transfer any
  business or assets (in part or whole), in which case we may disclose your personal information to the
  prospective seller, buyer or recipient of such business or assets.
  
• In order to respond to a subpoena, court order or
  other legal duty or obligation (including without limitations requests or demands from law enforcement
  and government authorities and regulators).
  
• In order to investigate, prevent, or take action
  regarding suspected or actual prohibited activities, including but not limited to, fraud and situations
  involving potential threats to the physical safety of any person or to prevent financial loss to any
  person or entity, including Codility Ltd, its customers, clients, and other parties.
  
• In order to enforce or apply any agreement we have
  with you.
  
• Business partners who offer a service to you
  jointly with us. For example, this includes the employer clients of ours whose assessments you have
  undertaken.
  

5. Your Marketing Rights

You have the right to ask us not to process the personal information for marketing
purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use
to collect your data. You can also exercise the right at any time by contacting us at [email protected].

6. Cookies

We or online advertising networks that we partner with may use cookies to make sure
advertisements and content you see online are more relevant to you. Cookies will be stored based on your consent
as gathered by our separate Cookies Tool. If you have provided consent to our storage of cookies, you can
withdraw it at any time by accessing our Cookies Tool Cookies Settings . In certain cases, cookies may be stored where we are
not required to obtain your consent and do not do so, for our legitimate interests, i.e. to be as efficient as
we can so we can deliver the best service to you at the best price. To learn more about cookies and how to
manage them read our Cookie Policy. Our Service does not
currently respond to “do not track” browser headers.

7. Access to and Control of Personal Information

You have the right to access, review, update, correct, or delete the personal
information held about you. In some circumstances you may also have the right to restrict or object to
processing and to receive your personal information in a portable form. Under certain conditions, you may have
the right to invoke binding arbitration. To exercise these rights contact [email protected].

8. Lawful Bases for Processing

We only collect and process personal information where we have a lawful basis.
Lawful bases include consent (where you have given consent), contract (where processing is necessary to perform
a contract with you, e.g. to deliver the Service), legal obligation (where processing is necessary to comply
with the law), and our legitimate interests (e.g. to protect us and you, to comply with applicable laws, to
administer and improve our business, and for our direct marketing purposes).

Where our processing of personal information is based on consent, you have the right
to withdraw your consent at any time, and where we rely on legitimate interests, you have the right to object.
To exercise these rights contact [email protected].

9. Retention of Personal Information

We retain information for as long as reasonably necessary to provide the Service to
you or to fulfil the purposes described in this privacy policy. In limited circumstances we may retain
information for a longer period of time as required by law.

10. Changes to our Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on this
page. We may change, modify, add or remove portions of this Privacy Policy at any time. We will use reasonable
endeavours to inform you of any material changes when they occur. We may do this by email or notice on the site
as we consider appropriate. Any changes will be updated on this Privacy Policy page. You should periodically
review our Privacy Policy page for any such changes and can object to them by no longer using or accessing the
Service. Please further note, depending on your particular interaction with us, different portions of this
Privacy Policy may apply to you at different times.

11. Contact

Questions, comments and requests regarding this privacy policy are welcome and
should be addressed to [email protected].

You may contact our Data Protection Officer at [email protected]. You may also have
the right to lodge a complaint with a supervisory authority in the EU as described in Article 77 of the
GDPR.

12.Data Protection Requirements

Codility is committed to adhering to the data protection requirements of the
Standard Contractual Clauses, the European Data Protection Board, the European Commission, and any other
obligations applicable to Codility by other data protection authorities (including EU General Data Protection
Regulations and the California Consumer Privacy Act).