IBIS Logo

IBIS

Competency Assessment Platform

Back to Home

Privacy Notice

Who we are

IBIS provides a digital platform that helps organisations understand, develop, and manage professional competencies.

Email: info@ocircletech.com

IBIS acts as a data processor for most user data and, in limited cases, as a data controller.

Who this notice applies to

This notice applies to you if you use IBIS as an employee, manager, assessor, coach, contractor, or individual user.

What personal data we collect

We only collect data needed to operate the platform and support professional development. This includes:

  • Name and work email address
  • Job role, function, and seniority
  • Competency assessments and scores
  • Development plans and learning activity
  • Feedback provided by you or about you
  • Platform usage data such as logins
  • AI-generated insights linked to your competencies

We do not collect home addresses, personal phone numbers, dates of birth, or payment details.

Special category data

IBIS is designed for professional development. We do not require health, medical, biometric, or similar sensitive data.

If your organisation chooses to enter such data, they remain responsible for ensuring lawful use.

Why we use your data

We use your data to:

  • Deliver competency assessments and insights
  • Support learning and development
  • Enable feedback and performance discussions
  • Provide reporting to your organisation
  • Maintain platform security and performance
  • Provide customer support

We do not sell your data or use it for advertising.

Our legal basis for processing

We rely on the following lawful bases:

Legitimate interests

Your organisation has a legitimate interest in developing skills, capability, and performance.

Contract

We process data to deliver services agreed with you or your organisation.

Consent

We rely on consent only for optional features or communications. You can withdraw consent at any time.

Who we share your data with

We share data only where necessary to operate the platform. This may include:

  • Your organisation and authorised administrators
  • Cloud hosting and infrastructure providers
  • AI service providers operating under contract
  • Security and support providers

All third parties operate under data protection agreements.

International data transfers

If data is processed outside the UK or EEA, we use approved safeguards such as standard contractual clauses.

How long we keep your data

We retain data only for as long as necessary. Typical periods include:

  • Active accounts — for the duration of the contract
  • Inactive client accounts — deleted or anonymised within 6 to 12 months
  • Backup data — retained for security purposes only

Your rights

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion in certain circumstances
  • Object to processing
  • Request a copy of your data
  • Restrict processing where applicable

To exercise your rights, contact info@ocircletech.com. We respond within one month.

Complaints

If you are unhappy with how we use your data, you can contact us. You also have the right to complain to the Information Commissioner's Office.

AI Transparency

How IBIS uses AI

IBIS uses AI to support professional development by analysing competency data and feedback. AI helps to:

  • Identify skill strengths and gaps
  • Suggest development actions
  • Summarise trends across assessments
  • Support consistent evaluation

What AI does not do

AI does not:

  • Make hiring, promotion, or dismissal decisions
  • Replace manager judgement
  • Operate without human oversight

Human involvement

All decisions remain with people. AI provides structured insights to support fair and informed judgement.

Understanding and challenging outcomes

You can request an explanation of AI-supported insights. You can ask for review if you believe an outcome is inaccurate or unfair.

Data Processing

Roles

Your organisation acts as the data controller. IBIS acts as the data processor.

Our commitments

We commit to:

  • Process data only on documented instructions
  • Keep your data confidential
  • Apply appropriate security measures
  • Support rights requests
  • Notify organisations promptly of any data incidents

Suppliers

We only use suppliers that meet GDPR standards. Details are available on request.

Data Retention

Retention approach

We apply clear and consistent retention rules.

  • Active users — data retained while accounts remain active
  • Former users — data deleted or anonymised after agreed periods
  • Legal and security data — retained only where required by law

You can request deletion where applicable.

Your Data Rights

How to make a request

  1. Email info@ocircletech.com
  2. Include enough information for us to identify your account
  3. We may verify your identity
  4. We respond within 30 days

We do not charge a fee unless requests are excessive.

Security

How we protect your data

We use technical and organisational measures to protect your information. These include:

  • Encryption in transit and at rest
  • Role-based access controls
  • Secure authentication
  • Audit logging
  • Regular backups
  • Incident response procedures

Only authorised personnel can access your data.

Data Protection Impact

Our assessment

We regularly assess risks related to competency data and AI analysis. Key outcomes:

  • Data use remains proportionate to purpose
  • AI remains advisory
  • Human oversight reduces risk of unfair outcomes
  • Security controls reduce unauthorised access risk

We review this assessment regularly.