Skip to content

Privacy Policy

Your data is our priority. Here you can learn how we collect, use, and protect it.

Last updated: March 2026

CCSS (Comprehensive Candidate Selection System) is committed to protecting the privacy of all platform users. This Privacy Policy describes how we collect, use, store, and protect your personal data in accordance with applicable data protection regulations, including the General Data Protection Regulation (GDPR) and the Data Protection Act of the Republic of Serbia.

1. Data We Collect

Depending on how you use the platform, we may collect the following categories of data:

1.1 Identity and Contact Data

  • Full name
  • Email address
  • Phone number
  • Organization name and position (for corporate users)

1.2 Assessment Data

  • Responses to psychological questionnaires (PRES-D, EI, BD, SOI)
  • Test results and scores
  • AI-generated reports and analyses
  • Assessment completion timeframes

1.3 Technical Data

  • IP address
  • Browser type and version
  • Operating system
  • Platform access data (date, time, session duration)
  • Cookie data

2. Legal Basis for Processing

We process your data based on the following legal grounds:

  • Consent: For processing psychological test results and generating AI reports. You may withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
  • Performance of a contract: For providing platform services, account administration, and technical support, where processing is necessary for the performance of contractual obligations.
  • Legitimate interest: For improving the platform, analyzing service usage, preventing misuse, and ensuring system security.
  • Legal obligation: Where we are required to retain or disclose data under applicable law.

3. How We Use Your Data

We use your data exclusively for the following purposes:

  • Account administration: Creating and managing user accounts, authentication, and access authorization.
  • Conducting assessments: Administering psychological instruments, calculating scores, and generating profiles.
  • AI analysis and reporting: Using artificial intelligence to generate personalized reports, insights, and recommendations based on test results.
  • Communication: Sending notifications related to your account, assessment results, and platform updates.
  • Service improvement: Usage analytics to improve user experience and platform functionality.

Important:

Candidate data is never used for training AI models. Your responses and results are used exclusively for generating your personal report.

4. Data Retention and Storage

4.1 Storage Location

All data is stored on servers within the European Union (EU), using Microsoft Azure cloud infrastructure that ensures the highest standards of security and compliance.

4.2 Retention Periods

  • Account data: Retained as long as the account is active, plus 12 months after account deletion.
  • Assessment results and reports: Retained in accordance with the agreement with the commissioning organization, for a maximum of 3 years from the date of assessment.
  • Technical logs: Retained for up to 12 months for security and diagnostic purposes.
  • Cached data (Redis): Automatically deleted after the defined expiration period (reports: 7 days, insights: 3 days).

5. Your Rights

Under applicable regulations, you have the following rights regarding your personal data:

  • Right of access: You have the right to request information about whether and which of your data we process, as well as to obtain a copy of that data.
  • Right to rectification: You have the right to request correction of inaccurate data or completion of incomplete data.
  • Right to erasure: You have the right to request deletion of your data when there is no longer a legal basis for its processing.
  • Right to data portability: You have the right to request transfer of your data in a structured, commonly used, and machine-readable format.
  • Right to restriction of processing: You have the right to request restriction of processing in certain situations provided by law.
  • Right to object: You have the right to object to processing based on legitimate interest.
  • Right to lodge a complaint: You have the right to file a complaint with the Commissioner for Information of Public Importance and Personal Data Protection of the Republic of Serbia, or the relevant supervisory authority in your jurisdiction.

To exercise any of these rights, please contact us at the address provided in the "Data Protection Contact" section at the end of this document.

6. Cookies

The CCSS platform uses cookies to ensure functionality and improve user experience:

6.1 Essential (Functional) Cookies

These cookies are necessary for the platform to function and cannot be disabled. They include authentication cookies, security tokens, and session management.

6.2 Analytics Cookies

We use analytics cookies to understand how visitors use our platform. This data helps us improve the user experience. Analytics cookies are only activated with your consent.

You can manage cookie settings through your browser or through the cookie notice displayed on your first visit to the platform.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Data encryption in transit (TLS/SSL) and at rest
  • Azure AD B2C authentication with multi-factor verification
  • Regular security audits and system updates
  • Strictly controlled data access on a need-to-know basis
  • Logging and monitoring of access to sensitive data

8. Third-Party Data Sharing

We do not sell or share your data with third parties for marketing purposes. We may share data with:

  • Commissioning organization: If you were assessed as part of a selection or development process, results and reports are shared with the organization that commissioned the assessment, in accordance with the contract.
  • Service providers: We use trusted infrastructure providers (Microsoft Azure, OpenAI) who are contractually bound to protect your data in compliance with GDPR standards.
  • Government authorities: Only when legally required, based on a valid legal request.

9. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy in accordance with changes in legislation, technology, or business processes. We will notify you of significant changes through the platform or via email. We recommend that you periodically review this page.

10. Data Protection Contact

For all questions regarding the protection of your data, you can contact us:

CCSS — Data Protection

Email: info@ccss.pro

Web: ccss.pro/en/contact

We will respond to your request regarding the exercise of your rights within 30 days of receiving the request, in accordance with statutory deadlines.