PRIVACY POLICY

Quebequois Politique de Confidentialite

Effective Date: July 10, 2019

ExamSoft Worldwide, Inc. (“ExamSoft”) is firmly committed to protecting your privacy. This privacy policy sets out how ExamSoft uses and protects your personal data. ExamSoft collects personal data through the websites hosted on the domain examsoft.com as well as through its web-based applications and locally-installed applications. The current privacy policy can be found at: http://learn.examsoft.com/privacy-policy.

As provided below, ExamSoft complies with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield regarding the collection, use, and retention of personal data from European Union member countries and Switzerland.

ExamSoft also complies with U.S. laws, including the Family Educational Rights and Privacy Act (“FERPA”), where applicable, which provide privacy protections for personal data. ExamSoft is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Collection of information

ExamSoft may collect, store, and use the following personal data:

  1. Information that you provide in the process of registering a user account with ExamSoft, subscribing to ExamSoft’s websites’ services and/or email notifications, or using ExamSoft’s software to take an exam.
    More specifically, when you take an examination, you enter certain data into the ExamSoft software including your name, student or registrant identification number, phone number, email address, answers, and other assessment content.
  2. Information that we collect automatically while administering examinations. We automatically collect information relating to exam takers as part of our contractual obligation to administer examinations and ensure examination integrity, such information typically includes: makes and models of computers used by exam takers, device identification numbers, types and versions of software used by exam takers, and security and software performance related information, such as keystroke data.
  3. Information about any transactions carried out between you and ExamSoft on or in relation to ExamSoft’s websites, including information relating to any purchases you make of ExamSoft’s goods or services. We may also collect information from website visitors such as IP address, geographical location, operating system, browser type, referral source, length of visit, and number of page views. We use cookies to collect information, track website visitors, and personalize your online experience. For more information, please see the “Cookies” section below.

For specific services, ExamSoft may also collect, store, use and retain “biometric identifiers” and “biometric information.” “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual. ExamSoft uses this information in the course of providing its certain of its services to its clients. Before ExamSoft collects biometric information or biometric identifiers, it will notify you, and you will have the right to consent or refuse to provide this information or identifiers. ExamSoft will retain, and it requires its vendors to retain, this information only for so long as required to provide the service, but in any event only for so long as the client account is maintained.

Access to System Files

Certain products in our solution require that prior to an assessment, each exam taker’s device must be secured. Therefore, in order to secure the exam taker’s device, ExamSoft must access and, in some instances, modify device system files. By using our products, you understand and consent to this action.

Data Controller

ExamSoft generally collects personal data on behalf of its customers for purposes of providing exam-related services to those customers. In such cases, the customer will be the “data controller” of the applicable personal data, and ExamSoft is the “data processor,” as those terms are used in applicable data and privacy laws. In its role as a data processor, ExamSoft only processes personal data in accordance with the applicable contract for purposes of providing its exam-related services to its customers.

For any personal data that it collects through its websites, ExamSoft is typically the data controller.

Use and sharing of personal data

Personal data submitted via these websites and applications will be used for the purposes specified in this privacy policy or in relevant parts of the website. In addition to the uses identified elsewhere in this privacy policy, ExamSoft may use your personal data for the following purposes:

  1. to process any inquiries submitted by you and other communications initiated by you in relation to your dealings with ExamSoft;
  2. to notify its users and customers of any issues affecting ExamSoft’s services and software, and the resolution thereof, including by email or text message;
  3. to improve your browsing experience by personalizing the websites;
  4. when permitted by you, to send you marketing communications;
  5. to comply with statutory and regulatory requirements;
  6. in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; and
  7. to provide its exam-related services pursuant to its agreements with its users and its customers (e.g., educational institutions).

ExamSoft does not sell your personal data, and except for disclosures reasonably necessary for the purposes identified above and as set forth below, ExamSoft will not otherwise disclose your personal data with third parties. ExamSoft may disclose personal data:

  1. with our customers for the purpose of exam administration;
  2. with our marketing partners, where you have opted-in to sharing for marketing purposes;
  3. to the extent required or permitted by law such as sharing with law enforcement where requested pursuant to an investigation;
  4. in connection with any legal proceedings or prospective legal proceedings;
  5. in order to establish or exercise ExamSoft’s legal rights or defend against claims, for example, as sharing may be necessary in order to assert a legal claim or defense, such as to enforce our Exam Taker End User License Agreement;
  6. in connection with a sale, merger, acquisition, or other transaction affecting the associated business; and
  7. to third party service providers, such as consultants helping us provide technical or customer support and contractors hired to proctor certain exams, but only to the extent such service providers require such personal data to provide such services to ExamSoft and its users and customers.

In those cases of onward transfer of your personal data by ExamSoft to third parties, ExamSoft will assume liability.

Use of cookies

ExamSoft may use technology to track the patterns of behavior of visitors to these websites. This can include using a “cookie,” a text file sent by a Web server to a Web browser, and stored by the browser for record keeping

purposes. As a result, it is possible to speed up your future activities at these websites and allow ExamSoft to provide you with a personalized browsing experience.

You can choose to accept or decline cookies by modifying your browser settings to accept or reject cookies. If you choose to decline cookies, this may prevent you from taking full advantage of the websites’ features. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences or visit http://www.allaboutcookies.org for more information.

ExamSoft’s websites do not currently take any action in response to “do not track” signals submitted by some browsers.

Choices and Rights

In many cases you should contact the university or test administrator directly to exercise applicable privacy rights. If you contact us directly, we may remove or update your information within a reasonable time and after providing notice to the controller of your request.

If our processing is based on your consent, you have the right to withdraw consent at any time.

In some cases, you may be able to object to the processing of our data or restrict its use, for example, if your data in wrongfully withheld or we no longer maintain a legal basis for processing the data. You may be able to request that we delete or erase some of your data, such as when it is no longer needed for exam administration.

You may access your personal data and correct, amend or delete inaccurate information or information that has been processed in violation of the EU-U.S. Privacy Shield or U.S. Swiss Privacy Shield’s Principles, except where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than the individual would be violated. To exercise this right, please contact us by e-mail or postal mail at the address set forth at the end of this privacy policy. In cases where we are not the data controller (such as when the personal data was collected on behalf of an educational institution as part of our exam-related services), we may be required to refer you or your request to the applicable data controller.

In many cases ExamSoft offers you the opportunity to choose (opt out) whether your personal data is to be disclosed to a third party (other than, for example, sharing to fulfill an applicable contract or to provide or improve our services) or is to be used for a purpose that is materially different than the purpose(s) for which it was originally collected or subsequently authorized by you.

To opt-out from receiving future email marketing or other promotional communications, please click the “unsubscribe” or “opt-out” link at the bottom of such emails, or contact us directly as set forth in the Contact Us section provided below.

California residents who provide personal information in obtaining products or services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the customer information we shared, if any, with other businesses for their own direct marketing use. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year.

Security of your personal data

ExamSoft takes reasonable precautions to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration, and destruction. No method of transmission over the Internet, or method of electronic storage is 100% secure, however. Therefore, ExamSoft cannot guarantee its absolute security.

Legal bases for processing of personal data

ExamSoft processes personal data on the following legal bases: (i) performance of ExamSoft’s contractual obligations to which you are a party, and (ii) ExamSoft’s legitimate interest. For those entities and individuals who are parties to ExamSoft’s software or services agreements or the Exam Taker License Agreement, ExamSoft’s performance of the terms of those underlying contracts is the legal basis for processing your personal data, and ExamSoft processes your personal data in accordance with and for the purposes set out in those agreements.

Links to other websites

These websites may contain links to other websites of interest. ExamSoft is not responsible for the protection and privacy of any information which you provide while visiting such websites and such websites are not governed by this privacy policy. ExamSoft does not control and cannot be responsible for such third-party websites’ content, operation, or privacy policies and other terms of service.

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

ExamSoft is based in the United States, and personal data collected by ExamSoft worldwide (including within the E.U. and Switzerland) may be transferred to the United States for processing. By using ExamSoft’s services or submitting personal data to ExamSoft, you consent to the transmission of your information outside your own country. ExamSoft complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the European Union and Switzerland to the United States. ExamSoft has certified to the Department of Commerce that is adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view ExamSoft’s certification, please visit www.privacyshield.gov and https://www.privacyshield.gov/list.

Privacy Complaints by European Union and Swiss Citizens

ExamSoft uses a self-assessment approach to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformance with the Privacy Shield Principles. In compliance with the Privacy Shield Principles, ExamSoft commits to resolve complaints about our collection or use of your personal data. European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact ExamSoft at: Email: privacy@examsoft.com

Mail: Attn: General Counsel

ExamSoft Worldwide, Inc.

5001 LBJ Freeway, Suite 700

Dallas, Texas 75244 USA

ExamSoft has further committed to refer unresolved Privacy Shield complaints to JAMS EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks, an independent alternative dispute resolution provider located in the United States. If a complaint is not resolved by other resource and enforcement mechanisms, then individuals may request binding arbitration. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the JAMS web site at: https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Changes to privacy policy

ExamSoft may occasionally update this privacy policy. When it does, ExamSoft will also revise the Effective Date at the end of this policy. ExamSoft encourages you to periodically review this privacy policy to stay informed about ExamSoft’s collection, use, and disclosure of personal data. ExamSoft reserves the right, at its discretion, to change, modify, add, or remove portions of the privacy policy and the websites at any time.

Children’s Online Privacy

ExamSoft and these websites are not directed toward individuals under the age of 13, and ExamSoft requests that such individuals do not provide personally identifying information through ExamSoft websites. Additionally, we do not knowingly collect or maintain any personally identifiable information from children under thirteen (13) through the websites. Please contact us as provided below in the Contact Information section if you believe we may have collected such information.

Contact Information

If you have any questions or comments about this privacy policy or the manner in which ExamSoft collects, stores, or uses your personal data, please write by email to privacy@examsoft.com or by postal mail to Attn: General Counsel, ExamSoft Worldwide, Inc., 5001 LBJ Freeway, Suite 700, Dallas, TX 75244 USA.