DISC privacy policy
How this assessment stores and uses data.
This policy explains how Abundant Impact handles participant, client-administrator, coupon, payment, assessment, report, security, and support data for the DISC service.
What we collect
Clients provide participant name, email, organisation, team, and cohort. Participants provide job function, seniority level, country, assessment consent, and optional research consent.
We collect assigned coupon status, deadlines, assessment answers, server-calculated DISC results, reports, report approvals, secure access grants, and group membership.
We also collect client purchases, Stripe references and receipt links, administrator identity and MFA records, delivery status, login attempts, support grants, deletion requests, and audit events. Full payment-card details remain with Stripe.
Why we collect it
- To verify that an assigned email and coupon match, enforce deadlines, and save or resume an assessment.
- To calculate DISC results on the server, create reports, obtain client approval, and provide time-limited report access.
- To process client purchases, issue coupons after verified payment, deliver required emails, prevent abuse, and support account security.
- To create group reports only when every active group participant has submitted and at least five completed results are available.
- To fulfil correction, deletion, support, accounting, security, and audit obligations.
Our basis for processing
We process the data needed to provide the assessment, administer purchased coupons, protect accounts, produce approved reports, and meet legal or accounting duties. Participants give an explicit assessment-use choice before starting. Optional research processing requires a separate choice and is not required to complete the assessment.
How long we store it
Client and participant report access ends 12 months after client approval. A participant deadline or coupon expiry may end assessment access earlier.
After the access period, separately consented research responses may be anonymised. Responses without research consent are deleted under the retention process.
Financial and audit records are retained for the configured legal and accounting period. If you use a shared device, clear the saved session when you finish.
Who can see the data
- A participant can access only the assessment assigned to the matching email and coupon, and can open the report only after client approval.
- Client administrators can access participants, coupon progress, scores, and reports owned by their organisation.
- Master administrators monitor operations but cannot open a private report without a time-limited, reason-and-reference support grant recorded in the audit log.
Service providers and transfers
We use contracted providers for payment processing, authenticated email delivery, infrastructure, security, and backup storage. They receive only the information needed for their service. Where processing or storage occurs outside Malaysia, we apply contractual, access-control, encryption, and vendor-review safeguards appropriate to the transfer.
Security and incident response
We use organisation-scoped access, administrator MFA, encryption, private report storage, audit records, rate limits, database restrictions, and encrypted backups. No system can remove every risk. If a personal-data breach creates a notification duty, we will follow the applicable Malaysian notification requirements and contact affected people where required.
Requests to correct, delete, or remove personal details
Contact admin@hrdcorptrainer.com to request access, correction, deletion, restriction, or withdrawal of optional research consent before anonymisation. A client administrator submits a deletion request; a master administrator reviews and records the decision. Approved deletion revokes future portal access, but copies already printed or saved by an authorised recipient cannot be recalled. Once research data is irreversibly anonymised, it can no longer be linked back for withdrawal.
Controller identity
ABUNDANT IMPACT SDN BHD (201901000875 / 1310201-K), Unit 1.3.19 Level 3 Pearl Point, Batu 5 Jalan Klang Lama, 58000 Kuala Lumpur, Malaysia. Privacy and support contact: admin@hrdcorptrainer.com.