Skill Readiness
Get started

Legal

Privacy Policy

This policy explains how WAHLU LABS PTY LTD handles personal information in connection with Skill Readiness.

Effective Date

March 20, 2026

Last Updated

March 28, 2026

WAHLU LABS PTY LTD

ACN 696 304 140 · ABN 99 696 304 140 · Governing law: New South Wales, Australia

1. Who controls data

WAHLU LABS PTY LTD operates Skill Readiness. Depending on the setup, we may act as a service provider or processor for customer organisations, and those organisations may act as the primary controller of participant or employee data entered into the platform.

2. Data categories we collect

We may collect or process:

  • account and contact details such as name, work email, organisation, and role;
  • assessment configuration data, responses, reviewer notes, scores, and generated outputs;
  • operational data such as login events, usage metadata, device or browser information, and support interactions;
  • billing or commercial records relevant to the customer relationship.

3. How we collect and hold information

We collect information in a few different ways, including:

  • directly from customer organisations when they set up workspaces, users, and assessment programmes;
  • directly from users and respondents when they sign in, complete assessments, or provide review inputs;
  • automatically through normal platform operation, such as authentication events, security logs, and essential browser-side preferences;
  • from service providers that help us deliver the platform, such as hosting, database, storage, email, and billing providers.

We hold information in managed cloud systems used to operate the service, including application databases, object storage for workspace assets, email delivery systems, billing records, and security or operational logs. Access to those systems is limited to authorised personnel and service accounts that need it for service delivery, security, or support.

4. Purpose of processing

We use personal information to provide, secure, support, and improve the platform, including to:

  • set up customer workspaces and user access;
  • deliver assessments, scoring workflows, and output generation;
  • maintain records, troubleshoot issues, and respond to support requests;
  • manage billing, legal compliance, and service communications.

5. Customer organisations and controller responsibilities

In most customer deployments, the customer organisation decides what participant or employee information is collected through Skill Readiness and why it is used. In those cases, the customer organisation is typically the primary controller of that information and we act as a service provider or processor on its behalf.

Customer organisations are responsible for their own notices, permissions, legal bases, and internal governance for the people they invite into the platform or assess through it.

6. Legal bases

Depending on the jurisdiction and context, we process data on the basis of contract, legitimate interests, consent where required, and compliance with legal obligations. Customer organisations are responsible for ensuring they have an appropriate legal basis for the personal information they ask us to process on their behalf.

7. Sensitive and HR-related data

Customers may choose to use the platform in people, learning, or HR contexts. If you upload or ask respondents to provide sensitive, employment-related, or behavioural information, you are responsible for making sure that collection and use are lawful, proportionate, and appropriately communicated to affected individuals.

8. Sharing and subprocessors

We may share personal information with service providers that help us operate the platform, including providers in categories such as:

  • cloud hosting and infrastructure;
  • database, backup, and object storage services;
  • authentication, email delivery, and transactional communications;
  • billing, logging, monitoring, and security tooling;
  • professional advisers or counterparties where reasonably required for legal or operational purposes.

9. International transfers

Our service providers or infrastructure may process information in countries outside the one where the information was collected. Where relevant, we take reasonable steps to ensure those transfers are made with appropriate safeguards, contractual protections, or other lawful transfer mechanisms.

10. Retention

We retain information for as long as needed to provide the service, comply with legal requirements, resolve disputes, enforce agreements, and support reasonable data export requests after termination. Retention periods may vary by data type, customer contract, and legal obligation.

11. Security controls

We use reasonable administrative, technical, and organisational measures to protect information, including access controls, authentication controls, infrastructure security practices, and operational monitoring. No system is completely secure, and we do not guarantee that unauthorised access will never occur.

12. User rights and requests

Depending on the circumstances and applicable law, individuals may have rights to access, correct, delete, or object to certain processing of their personal information. Where we process information for a customer organisation, we may direct the request to that organisation first. Privacy requests can be sent through our contact page.

13. Cookies and similar technologies

We use cookies and similar technologies for core platform functionality, authentication flows, security controls, and user preferences such as theme settings. Customers and users can control browser-level cookie settings, although some site features may not work properly if essential cookies are disabled.

14. Privacy complaints

If you have a privacy concern or complaint, please use our contact page with enough detail for us to understand the issue. We may need to verify your identity, gather additional information, or refer the request to the relevant customer organisation where it controls the data in question. We will review the matter and respond within a reasonable period.

15. Children's data

Skill Readiness is intended for business and organisational use and is not designed for children. We do not knowingly collect personal information directly from children for consumer use cases.

16. Policy updates

We may update this policy from time to time to reflect changes to the service, our providers, or legal requirements. The latest version will be posted on this page with the updated effective and last updated dates.