Effective Date: June 21, 2021
As provided below, ExamSoft complies with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield regarding the collection, use, and retention of personal data from European Union member countries and Switzerland.
ExamSoft also complies with U.S. laws, including the Family Educational Rights and Privacy Act (“FERPA”), where applicable, which provide privacy protections for personal data. ExamSoft is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Collection of information
ExamSoft may collect, store, and use the following personal data:
- Information that you provide in the process of registering a user account with ExamSoft, subscribing to ExamSoft’s websites’ services and/or email notifications, or using ExamSoft’s software to take an exam.
More specifically, when you take an examination, you enter certain data into the ExamSoft software including your name, student or registrant identification number, phone number, email address, answers, and other assessment content.
- Information that we collect automatically while administering examinations.
We automatically collect information relating to exam takers as part of our contractual obligation to administer examinations and ensure examination integrity, such information typically includes, but is not limited to: makes and models of computers used by exam takers, types and versions of software used by exam takers, security and software performance related information, and log files and software usage patterns, such as exam upload and download information.
In addition, if your institution has asked us to provide digital identity authentication and/or proctoring services for your exam, we will present you with a Notice and Consent for Collection of Biometric and other Personal Data (“Notice and Consent”). After acknowledgment of the Notice and Consent, we collect a scan of your face geometry, along with information based on that scan (“Biometric Information”). Each time you take an exam, we will prompt you to use your device camera to take your photo. The photo and associated Biometric Information are compared with your prior exam photos and associated Biometric Information to authenticate your identity.
For our proctoring services, we collect and use video and audio recordings of you while taking your exam. The recordings are automatically analyzed to compare your activity during the exam against parameters established for the examination. We use third-party service providers to help provide the photo and recording analysis services, but they have no other rights to access or use your Biometric Information, photos, recordings, or other personal data for other purposes.
We share all photos, scans, and recordings, as well as a list of potential anomalies, with the institution providing the exam so they may determine whether their requirements have been met.
We will retain your Biometric Information, photos, and the video and audio recordings for up to one year after your last interaction with the ExamSoft software with the Institution, or as otherwise required by law, after which we will delete the data. However, at any time the institution providing the exam may request that we delete your Biometric Information, photos, recordings, or other personal data, on your or on their behalf, and we will do so as permitted by law.
Access to System Files
Certain products in our solution require that prior to an assessment, each exam taker’s device must be secured. Therefore, in order to secure the exam taker’s device, ExamSoft must access and, in some instances, modify device system files. By using our products, you understand and consent to this action.
ExamSoft generally collects personal data on behalf of its customers for purposes of providing exam-related services to those customers. In such cases, the customer will be the “data controller” of the applicable personal data, and ExamSoft is the “data processor,” as those terms are used in applicable data and privacy laws. In its role as a data processor, ExamSoft only processes personal data in accordance with the applicable contract for purposes of providing its exam-related services to its customers.
For any personal data that it collects through its websites, ExamSoft is typically the data controller.
Use and sharing of personal data
- to process any inquiries submitted by you and other communications initiated by you in relation to your dealings with ExamSoft;
- to notify its users and customers of any issues affecting ExamSoft’s services and software, and the resolution thereof, including by email or text message;
- to improve your browsing experience by personalizing the websites;
- when permitted by you, to send you marketing communications;
- to comply with statutory and regulatory requirements;
- in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; and
- to provide its exam-related services pursuant to its agreements with its users and its customers (e.g., educational institutions).
ExamSoft does not sell your personal data, and except for disclosures reasonably necessary for the purposes identified above and as set forth below, ExamSoft will not otherwise disclose your personal data with third parties. ExamSoft may disclose personal data:
- with our customers for the purpose of exam administration;
- with our marketing partners, where you have opted-in to sharing for marketing purposes;
- to the extent required or permitted by law such as sharing with law enforcement where requested pursuant to an investigation;
- in connection with any legal proceedings or prospective legal proceedings;
- in order to establish or exercise ExamSoft’s legal rights or defend against claims, for example, as sharing may be necessary in order to assert a legal claim or defense, such as to enforce our Exam Taker End User License Agreement;
- in connection with a sale, merger, acquisition, or other transaction affecting the associated business; and
- to third party service providers, such as consultants helping us provide technical or customer support and contractors hired to proctor certain exams, but only to the extent such service providers require such personal data to provide such services to ExamSoft and its users and customers.
In those cases of onward transfer of your personal data by ExamSoft to third parties, ExamSoft will assume liability.
ExamSoft may use technology to track the patterns of behavior of visitors to these websites. This can include using a “cookie,” a text file sent by a Web server to a Web browser, and stored by the browser for record keeping purposes. As a result, it is possible to speed up your future activities at these websites and allow ExamSoft to provide you with a personalized browsing experience.
You can choose to accept or decline cookies by modifying your browser settings to accept or reject cookies. If you choose to decline cookies, this may prevent you from taking full advantage of the websites’ features. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences or visit http://www.allaboutcookies.org for more information.
ExamSoft’s websites do not currently take any action in response to “do not track” signals submitted by some browsers.
Choices and Rights
In many cases, such as is noted above, you should contact the university or test administrator directly to exercise applicable privacy rights. If you contact us directly, we may remove or update your information within a reasonable time and after providing notice to the controller of your request.
If our processing is based on your consent, you have the right to withdraw consent at any time.
In some cases, you may be able to object to the processing of our data or restrict its use, for example, if your data in wrongfully withheld or we no longer maintain a legal basis for processing the data. You may be able to request that we delete or erase some of your data, such as when it is no longer needed for exam administration.
In many cases ExamSoft offers you the opportunity to choose (opt out) whether your personal data is to be disclosed to a third party (other than, for example, sharing to fulfill an applicable contract or to provide or improve our services) or is to be used for a purpose that is materially different than the purpose(s) for which it was originally collected or subsequently authorized by you.
To opt-out from receiving future email marketing or other promotional communications, please click the “unsubscribe” or “opt-out” link at the bottom of such emails, or contact us directly as set forth in the Contact Us section provided below.
California residents who provide personal information in obtaining products or services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the customer information we shared, if any, with other businesses for their own direct marketing use. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year.
Security of your personal data
ExamSoft takes reasonable precautions to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration, and destruction. No method of transmission over the Internet, or method of electronic storage is 100% secure, however. Therefore, ExamSoft cannot guarantee its absolute security.
Legal bases for processing of personal data
ExamSoft processes personal data on the following legal bases: (i) performance of ExamSoft’s contractual obligations to which you are a party, and (ii) ExamSoft’s legitimate interest. For those entities and individuals who are parties to ExamSoft’s software or services agreements or the Exam Taker License Agreement, ExamSoft’s performance of the terms of those underlying contracts is the legal basis for processing your personal data, and ExamSoft processes your personal data in accordance with and for the purposes set out in those agreements.
Links to other websites
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
Privacy Complaints by European Union and Swiss Citizens
Mail: Attn: General Counsel
ExamSoft Worldwide LLC
5001 LBJ Freeway, Suite 700
Dallas, Texas 75244 USA
ExamSoft has further committed to refer unresolved Privacy Shield complaints to JAMS EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks, an independent alternative dispute resolution provider located in the United States. If a complaint is not resolved by other resource and enforcement mechanisms, then individuals may request binding arbitration. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the JAMS web site at: https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Children’s Online Privacy
ExamSoft and these websites are not directed toward individuals under the age of 13, and ExamSoft requests that such individuals do not provide personally identifying information through ExamSoft websites. Additionally, we do not knowingly collect or maintain any personally identifiable information from children under thirteen (13) through the websites. Please contact us as provided below in the Contact Information section if you believe we may have collected such information.