Last Updated: 30 January 2024

Note for California Residents: This Privacy Policy and the related Cookie Notice describes how we process your Personal Information and your rights and choices over our processing. In addition, the Notice for California and Other US State Residents section referenced below, contains specific details related to your rights under California law, including your right to opt out of “sales” of Personal Information.

* * * * * * *

This Privacy Policy applies to the ExamSoft Worldwide LLC (“ExamSoft,” “we,” “us”) websites (the “Websites”). It does not apply to the Personal Information collected on any of our assessment platforms and solutions, which are governed by the privacy policy available here.

This Privacy Policy describes how we may collect, use, and disclose Personal Information collected on the Websites. Personal Information is information that identifies, describes, or relates to an identified or identifiable individual, or information that is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Information”) from visitors to our Websites (“you,” “your”). It also describes your choices regarding use, access, and changes to your Personal Information.

By accessing or using the ExamSoft Websites, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Websites.

In addition to reviewing this Privacy Policy, please also review our Website Terms of Use, because all its terms and conditions form an agreement between you and us.

Table of Contents


Personal Information We Collect

We collect Personal Information from you when you give information directly to us to provide you with certain services and resources. For example, if you choose to sign up to receive our newsletter, we will ask you to provide your first name, last name, and email address. If you request a demonstration of one of our assessment platforms or solutions or ask a question of our support team, we will ask you to provide certain Personal Information so that we may respond to your request. This may include information such as your first and last name, work email address, institution type, and country. We may also ask you to provide certain optional information, including your job title, institution name, and state of residence.

Children’s Privacy

Our Websites are intended for a general audience, and not for individuals under the age of 13 or otherwise under the age of consent in each region in which we operate (“children,” “child”). We do not knowingly collect Personal Information from children. Should we learn that we have inadvertently collected Personal Information from a child, we will take steps to promptly delete it.


Usage Information and Cookies

When you access our Websites, our servers automatically collect the Internet Protocol (“IP”) address associated with your device. We may also collect additional information such as a browser type and version, the operating system of your device and language, country, the referral URL, the length of time you spend on our Websites, as well as the pages you visit most frequently and when. We use this information to help us administer the Websites, remember your preferences, and diagnose technical problems. We also analyze the information for aggregate trends about how our Websites are used and to help improve our Websites.

We collect this information through the use of web servers and these tracking technologies:

Cookies: A cookie is a small data file sent by a website and stored on the computer or device at the request of that website. Cookies store information related to a user’s browser to enable us to recognize the browser on return visits to our Websites and to remember your preferences.

Pixel tags. A pixel tag (also referred to as a “clear gif” or “web beacon”) allows us to track the online usage patterns of the Websites and to understand which links are clicked. When we send you emails that you have opted into, pixel tags also allow us to track which emails are opened. This information is used to help us improve the Websites.

HTML5 Storage. HTML5 storage or local storage allows us to distinguish your device from others and to remember information that might be important for the functioning of the Websites, such as to remember your location preference or your logged in state. Typically, HTML5 storage is only deleted if all Internet history, cache, and cookies are deleted. Check your browser controls for information on how to delete your HTML5 storage.

Third Party Cookies and Tracking

We use third party service providers to help us collect and understand usage information and to support our marketing efforts. A list of companies that host cookies on our Websites, the services they provide, and information on how you may opt out of certain cookies is included in our Cookie Notice. Most browsers can be set to detect and provide the option to reject browser cookies, but doing so may affect certain features of the Websites. To make choices about cookies placed by us or our third parties on our Websites, you may do so by visiting the Cookies Settings in the footer of the website, which may also appear, in certain jurisdictions, as “Do Not Sell My Personal Information”. If you do not/no longer want to have cookies placed on your browser by third parties, many of them also offer ways to opt out. To learn more about browser cookies, including how to manage or delete them, refer to the “Tools,” “Help,” or similar section of your web browser.

We do not serve targeted advertising on our Websites. When you use the Internet, however, we and our third parties, as well as unaffiliated third parties, including ad networks, analytics companies, and social networking platforms, may use tracking technologies, including pixels and cookies, such as those described above, to collect information about your online activities over time and across our and other websites. We and they may use this information to measure the effectiveness of our marketing and to serve you advertisements that may be of interest to you. Currently, our websites do not respond to “do not track” signals transmitted by web browsers.

For more information about third party advertisers and how to prevent them from using your information, visit the NAI ‘s consumer website at http://www.networkadvertising.org/choices or http://www.aboutads.info/choices/, or http://www.youronlinechoices.com/uk/. If you do want to opt out using these tools, you need to opt out separately for each of your devices and for each web browser (such as Chrome, Edge, Firefox, Safari, or others) that you use on each device. Note that DNT is different than the Global Privacy Control (GPC), which we do respond to in certain applicable territories. To find out more about GPC, please visit https://globalprivacycontrol.org/.


How We Use and Disclose Your Personal Information

We use and disclose your Personal Information for the purposes noted at the time we request it and as described below. Where required, we have also explained our legal basis for such use and disclosure.

  • To administer our Websites: to maintain and administer our Websites and to ensure the security of our Websites, including providing support, services and security via our third party providers.
  • To communicate with you: including to respond to your requests, resolve a support issue, notify you about changes to the Websites, and to otherwise communicate and solicit feedback on your experience with our products and services.
  • In the event of a reorganization, merger, sale, assignment, bankruptcy, or similar business change: we may need to transfer your Personal Information to that re-organized entity or new owner after the sale or reorganization for them to use in accordance with this Privacy Policy.
  • To operate our business: including by sharing with our parent, subsidiaries, affiliates and other related entities, such as those listed at https://www.advance.com/, and our advisors, including lawyers, consultants, accountants, and others for our lawful business purposes.

Our legal basis for these practices, where required by applicable law, is the fulfillment of our legitimate interests as processing this Personal Information is necessary for us to provide you with access to our Websites, to communicate with you about issues related to the Websites, and to change or operate our business. These activities are reasonably expected by you and do not unduly and negatively affect your privacy rights, and enable us to perform our contracted-for obligations and provide you with access to our Services.

  • In relation to a known or suspected violation of our terms of use, fraud prevention or other unlawful use: including to share Personal Information with entities assisting us in investigation and as may be required by applicable law.
  • In connection with legal or regulatory obligations: we may use and disclose your Personal Information as necessary to protect our rights or the rights and safety of our users, or as necessary in the event of a court order, regulatory inquiry, or other lawful request. Unless legally prohibited, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.

Our legal bases for these practices, where required by applicable law, are to fulfill our legal obligations such as to allow us to ensure the legality of our Websites; and legitimate interests, because processing this Personal Information is necessary to the provision of our Services, and to protect our legal rights, these activities are reasonably expected by you and these activities do not unduly and negatively affect your privacy rights.

  • To provide you with marketing materials: to provide you with updates and offers about our products. At any time, you may unsubscribe or opt out of further communication on any electronic marketing communication by using the link labeled “unsubscribe” available in each email communication.

Our legal basis for these practices, where required by applicable law, is your consent where such consent is required.


How You May Modify Your Personal Information

If you would like to review, correct, update or request that we delete Personal Information you have provided to us, please contact us at privacy@examsoft.com and specify what you would like to review, correct, update or have deleted.


Third Parties

We may engage with third parties to facilitate our delivery of our Websites and to provide certain features on our behalf, such as data hosting, analytics, content delivery, maintenance, email and marketing management, security, and similar functions. These third parties may require a limited amount of Personal Information in order to deliver their services.


Links

Our Websites contain links to third party websites, including social networking websites. The fact that we link to a website is not an endorsement or representation of an affiliation with that website. We do not control third party websites or their privacy practices. These other websites may place their own cookies or other files on your computer, collect data or solicit Personal Information from you. Other sites follow different rules regarding the use or disclosure of the Personal Information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.


Security

We use physical, administrative, and technical safeguards to help protect the confidentiality, integrity, and availability of your Personal Information. We host Personal Information in cloud-based environments that use firewalls, encryption, and other industry-standard technologies in an effort to prevent interference or access from outside intruders. The Internet, however, is not perfectly secure, and we are not responsible for security breaches not reasonably within our control.


Data Retention

We retain Personal Information for as long as is necessary to provide you with access to our Websites or as long as is permissible under applicable law, including as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, comply with applicable industry standards, and protect the security of our Websites.

To determine the appropriate retention period, we consider the categories, amount, nature, and sensitivity of personal data, the potential risk of harm from unauthorized use of disclosure of the personal data, the purposes for which we process the personal data, if we can achieve the purposes through other means, and the applicable legal requirements


Opt Out Policy

We may send you emails with information about our products. You may opt out of receiving these email messages from us by clicking on the “unsubscribe” link found at the bottom of every email that we send.

We do not send email messages on behalf of third parties.


Notice For California and Other US State Residents

Certain US state laws, including California, provide their residents with certain rights related to their Personal Information, as described below. We provide these rights to all US residents. Before we may fulfill certain requests, we are required by law to verify your identity in order to prevent unauthorized access to your data, as described below.

Right to Know and Access: You have the right to request access to the Personal Information we maintain about you in the ordinary course of business. This may include Personal Information we collect, use, or disclose about you.

Right of Correction: You have the right to correct inaccuracies in the Personal Information we maintain about you.

Right to Delete: You have the right to request that we delete your Personal Information.

Right to Opt Out of “Sale” or “Sharing” of Personal Information: You have the right to opt out of “sales” of Personal Information or “sharing” of Personal Information for cross-contextual behavioral advertising purposes (as these terms are defined under applicable law), which for our Websites essentially means transfer of your Personal Information to certain third parties for their or for others ‘ commercial purposes, including advertising and marketing purposes. You may opt out of this practice by clicking on the “Do Not Sell My Personal Information” link available here or on the footer of our Websites and follow the instructions.

In the case of all such requests, we may not fulfill all or part of the request as permitted or required by applicable law. For example, if you request that we delete your Personal Information, there may be certain records we are legally required to retain.

Verification

In the case of requests to know, correct, and delete in relation to our Websites, we must take reasonable steps to verify your identity before fulfilling your requests. For example, we may seek to establish your identity to a reasonable or a reasonably high degree of certainty by matching information that you submit alongside your request with information that we have in our records. We may ask you or your authorized agent for supplemental information as needed to establish your identity. Authorized agents may also be required to provide a copy of the consumer ‘s signed permission authorizing the agent to submit requests on the consumer ‘s behalf under applicable local law.

To Exercise Your Rights

To exercise the rights described above, please contact us at privacy@examsoft.com. Should you have any questions or concerns regarding your privacy rights or this Privacy Policy, you may contact us using at: privacy@examsoft.com.

Please note that your ability to exercise the above rights is subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege). Requests to exercise these rights may be granted in whole, in part, or not at all, depending on the scope and nature of the request and applicable law. Where required by applicable law, we will notify you if we reject your request and notify you of any reasons we are unable to honor your request.

Non-discrimination

We do not discriminate or otherwise penalize anyone for exercising their rights under this Privacy Policy.

The chart below explains our Personal Information collection and sharing practices over the past 12 months.

Categories of Personal Information we may collect
  • Identifiers such as your first and last name, work email address, institution type, and country, which is considered Personal Information under subdivision (e) of California Business and Professions Code Section 1798.80.
  • Internet or other electronic network activity information related to your use of our Websites including your Internet Protocol address.
  • Professional or employment-related information, including your job title, institution name, and state.
  • If you choose to sign up to receive resource or newsletter updates, we will collect your email address.

We do not collect Sensitive Personal Information as it is defined under applicable law.

Categories of sources from which the Personal Information is collected

We collect the Personal Information directly from you including during the time you spend on the Websites.

Business or commercial purpose for collecting, “selling,” or sharing Personal Information We collect your Personal Information to operate the Websites, respond to your requests and for the following business purposes:

  • Maintaining or servicing the Websites and providing customer service.
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • Debugging to identify and repair errors that impair existing intended functionality.
  • Sending you marketing communications.
  • Inferences drawn from your use of our Websites are used by us and our third parties to support our marketing and remarketing efforts, and by third parties for their or others commercial interests, including to enable interest-based advertising.
Categories of third parties with whom we share or “sell” your Personal Information
  • We may share your Personal Information – specifically your IP address, device ID or similar online identifier, with certain third parties, such as social networks and advertising networks. This information may be used to inform the advertising you see after you ‘ve visited our Websites, which may constitute the “sale” of your Personal Information (as defined under applicable law.)
  • We may also share your Personal Information with our parent, subsidiaries, affiliates and other related entities, such as those listed at https://www.advance.com/, and our advisors, including lawyers, consultants, accountants, and others for our lawful business purposes.
Specific pieces of Personal Information we have collected in the past 12 months.
  • Internet Protocol address, device ID.
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with our Websites.
  • First and last name, work email address, institution name, country, state, institution type, job role/title, phone.
  • Any other information you choose to provide.

California “Shine the Light” Rights
If you are a resident of California, you may request certain information regarding our disclosure of Personal Information (if any) for marketing purposes. To make such a request, please contact us at: Turnitin, LLC Attn: Legal Department 2101 Webster St., Suite 1900 Oakland, California 94612.


Additional Information for Users from the European Economic Area (EEA), Switzerland, and the United Kingdom (UK)

If you are located outside of the United States, please be aware that your information will be transferred to, processed, and stored in the United States.

When you access our Websites, we function as a “data controller” under the General Data Protection Regulation (“GDPR”). In some cases, we will ask for your consent so that we may process your Personal Information. In other circumstances, we may rely on a different lawful basis, as explained in the section, “How we Use and Disclose Your Personal Information.”

By submitting your Personal Information, you acknowledge that we may transfer, process and store your information in this way. Wherever the information is, it will be treated securely and in accordance with this Privacy Policy and applicable privacy laws of the United States. These laws may be different from the privacy laws in your country. However, this does not change our commitments to safeguard your privacy and we will comply with all applicable laws relating to the cross-border data disclosure of your Personal Information. Where required, we will implement Standard Contractual Clauses with our third parties or rely on such other transfer mechanism to ensure that the transfer of your Personal Information outside of the EEA, UK, and Switzerland is lawful. You may request details of the transfer mechanisms that we rely on to transfer Personal Information outside of these regions by emailing us at legal@turnitin.com.


EU-US Data Privacy Framework Certification

ExamSoft Worldwide LLC, and its group company, Turnitin, comply with the EU-US Data Privacy Framework (“EU-US DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-US DPF) (collectively, the “Frameworks”) as set forth by the U.S. Department of Commerce. ExamSoft has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-US DPF Principles”) with regard to the processing of Personal Information received from the European Union in reliance on the EU-US DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-US DPF. ExamSoft has certified to the U.S. Department of Commerce that it adheres to the Swiss-US Data Privacy Framework Principles (“Swiss-US DPF Principles”) with regard to the processing of Personal Information received from Switzerland in reliance on the Swiss-US DPF. If there is any conflict between the terms in this Privacy Policy and the EU-US DPF Principles and/or the Swiss-US DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov.

In compliance with the Frameworks, ExamSoft commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of Personal Information received in reliance on the Frameworks should first contact ExamSoft at:

Data Protection Officer
Turnitin, LLC, 2101 Webster Street, Suite 1900, Oakland 94612 CA USA
Phone: +44 (0) 191 681 0227
Email: DPO@turnitin.com

ExamSoft must respond within 45 days of receiving a complaint.

In compliance with the EU-US DPF and the UK Extension to the EU-US DPF and the Swiss-US DPF, ExamSoft commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (“DPAs”) and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (“GRA”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with regard to unresolved complaints concerning our handling of Personal Information received in reliance on the respective Frameworks.

The Federal Trade Commission has jurisdiction over ExamSoft’s compliance with the Frameworks. ExamSoft will submit to binding arbitration in the event that a dispute can not be resolved by the aforementioned mechanisms. ExamSoft shall assume liability for any onward transfers of Personal Information made to third parties.


Additional Data Rights

Please note that the rules in your country may provide you with additional rights or may limit these rights. In all cases, our provision of the rights will comply with the applicable laws.

If you are based in the EEA, UK, or Switzerland, for example, you may have the right to access, update or correct your Personal Information, to request deletion of such Personal Information, and to object to certain processing, including that related to marketing, to receive a machine-readable copy of the Personal Information concerning you that you provided to us or request us to transfer such data to an applicable third party in certain circumstances.

In addition, where you provided your consent for our processing of your Personal Information, you may withdraw your consent by contacting us using the details provided in the “Contact” section. You may also restrict how we use your Personal Information while a complaint is being investigated.

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege).


Updates to This Privacy Policy

As our Websites evolve, we may make changes to this Privacy Policy. We will alert you to changes by providing notice within the Website or otherwise as required by law. The “last updated” note at the top of this policy indicates when it was last revised, and updates will become effective when they are posted.


Contact

If you have questions about this Privacy Policy or concerns about how we handle your Personal Information, please contact us at:

Attn: General Counsel
ExamSoft Worldwide LLC
5001 LBJ Freeway, Suite 700
Dallas, TX 75244 USA

– OR –

privacy@examsoft.com

If you have concerns or complaints regarding this Privacy Policy or our data handling procedures, you may have a right to lodge a complaint with a supervisory authority.