Privacy and data processing at Workdex
How Workdex collects, uses, protects and shares data related to the skills and assessments modules.
Workdex is a spin-off brand owned by Coodesh. Legal, contractual and privacy operations for this product are run with support from Coodesh's structure.
This policy describes how Workdex handles personal data on the marketing site, in skills mapping flows, and in assessments delivered to enterprise customers.
Scope and categories of data
Workdex may process data from site visitors, corporate users, managers, evaluated employees and assessment participants. Scope covers marketing-site browsing, contracting, onboarding, use of the skills modules, and assessment delivery.
The data we process varies by the contracted flow and may be supplied by the customer company, by the user directly, or collected automatically for security, authentication and audit purposes.
- Profile and professional data, such as name, corporate email, role, company, business area and seniority.
- Skills data, learning paths, gaps, proficiency levels, answers, scores and evidence generated through assessments.
- Technical data, such as IP, device identifiers, access logs, browser, language and usage events.
- Additional media used during assessments — audio, video, webcam captures or attachments — only when the flow requires that type of evidence.
Use, legal bases and sharing
We process data to operate the platform, authenticate access, generate reports, recommend development actions, provide support, prevent fraud and keep the service secure and continuous.
Legal bases may include contract performance, legitimate interest, legal obligation and, where applicable, specific consent for optional features.
- We share data with infrastructure, authentication, analytics, messaging, support and storage providers strictly required to operate the service.
- We may also share data with public authorities, partners contracted by the customer company, or third parties named by the customer when there is a legal obligation or legitimate instruction.
- Workdex does not sell personal data outside the scope of the contracted service.
Retention, security and transfers
We retain personal data only as long as needed to fulfill the purposes described in this policy, meet regulatory obligations, preserve contractual evidence, and ensure defense in administrative or judicial proceedings.
We adopt technical and organizational security measures suited to the product context, including access controls, customer-level segregation, audit trails, encryption in transit and monitoring routines.
- Retention periods may vary by contract, assessment nature, customer requirements and legal obligations.
- When processing happens via vendors in other countries, we adopt contractual and operational mechanisms to keep the data adequately protected.
Subject rights and contact
Data subjects may request confirmation of processing, access, correction, anonymization, portability, deletion when applicable, information about sharing, and review of automated decisions when applicable.
In corporate contexts some requests must be coordinated with the customer company, which may act as the controller of the data entered into the platform.
- Send requests to legal@coodesh.com.
- Operational questions and general support can be directed to help@coodesh.com.
- We may ask for additional information to verify identity, the link to the customer company, and the scope of the request.