As provided below, ExamSoft complies with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield regarding the collection, use, and retention of personal data from European Union member countries and Switzerland.
ExamSoft also complies with U.S. laws, including the Family Educational Rights and Privacy Act (“FERPA”), where applicable, which provide privacy protections for personal data. ExamSoft is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Collection of information
ExamSoft may collect, store, and use the following personal data:
- information that you provide in the process of registering a user account with ExamSoft, subscribing to ExamSoft’s websites’ services and/or email notifications, or using ExamSoft’s software to take an exam; and
- information about any transactions carried out between you and ExamSoft on or in relation to ExamSoft’s websites, including information relating to any purchases you make of ExamSoft’s goods or services.
For specific services, ExamSoft may also collect, store, use and retain “biometric identifiers” and “biometric information.” “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual. ExamSoft uses this information in the course of providing its certain of its services to its clients. Before ExamSoft collects biometric information or biometric identifiers, it will notify you, and you will have the right to consent or refuse to provide this information or identifiers. ExamSoft will retain, and it requires its vendors to retain, this information only for so long as required to provide the service, but in any event only for so long as the client account is maintained.
ExamSoft may also collect, store, and use non-personal data about your visits to and use of its websites, including information about your computer such as your IP address, geographical location, operating system, browser type, referral source, length of visit and number of page views.
ExamSoft is typically the data controller for any personal data it collects through its websites. However, in some cases, ExamSoft may collect personal data on behalf of its customers for purposes of providing exam-related services to those customers. In such cases, the customer may be the “data controller” of the applicable personal data, and ExamSoft is the “data processor,” as those terms are used in applicable data and privacy laws. In its role as a data processor, ExamSoft only processes applicable personal data in accordance with the applicable contract for purposes of providing its exam-related services to its customers.
Use of personal data
- process any inquiries submitted by you and other communications initiated by you in relation to your dealings with ExamSoft;
- to notify its users and customers of any issues affecting ExamSoft’s services and software, and the resolution thereof, including by email or text message;
- improve your browsing experience by personalizing the websites:
- when permitted by you, send you marketing communications;
- comply with statutory and regulatory requirements;
- in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; and
- to provide its exam-related services pursuant to its agreements with its users and its customers (e.g., educational institutions).
ExamSoft may use technology to track the patterns of behavior of visitors to these websites. This can include using a “cookie,” a text file sent by a Web server to a Web browser, and stored by the browser for record keeping purposes. As a result, it is possible to speed up your future activities at these websites and allow ExamSoft to provide you with a personalized browsing experience.
You can choose to accept or decline cookies by modifying your browser settings to accept or reject cookies. If you choose to decline cookies, this may prevent you from taking full advantage of the websites’ features. ExamSoft’s websites do not currently take any action in response to “do not track” signals submitted by some browsers.
Access to personal data
Security of your personal data
ExamSoft takes reasonable precautions to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration, and destruction. No method of transmission over the Internet, or method of electronic storage is 100% secure, however. Therefore, ExamSoft cannot guarantee its absolute security.
Processing of personal data
ExamSoft processes personal data on the following legal bases: (i) the express consent you provide when inputting your personal data into ExamSoft’s web-based applications and installed applications, and (ii) performance of ExamSoft’s contractual obligations. For those entities and individuals who are parties to ExamSoft’s software or services agreements or the Exam Taker License Agreement, ExamSoft’s performance of the terms of those underlying contracts is the legal basis for processing your personal data, and ExamSoft processes your personal data in accordance with and for the purposes set out in those agreements.
Links to other websites
Disclosure of your personal data
ExamSoft does not sell your personal data, and except for disclosures reasonably necessary for the purposes identified in the section above entitled “Use of personal data” and as set forth below, ExamSoft will not otherwise disclose your personal data with third parties. ExamSoft may disclose personal data:
- to the extent required by law;
- in connection with any legal proceedings or prospective legal proceedings;
- in order to establish or exercise ExamSoft’s legal rights or defend against claims;
- in connection with a sale, merger, acquisition, or other transaction affecting the associated business; and
- to third party service providers, such as consultants helping us provide technical or customer support and contractors hired to proctor certain exams, but only to the extent such service providers require such personal data to provide such services to ExamSoft and its users and customers.
In those cases of onward transfer of your personal data by ExamSoft to third parties, ExamSoft will assume liability.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
Privacy Complaints by European Union and Swiss Citizens
Mail: Attn: General Counsel
ExamSoft Worldwide, Inc.
5001 LBJ Freeway, Suite 700
Dallas, Texas 75244 USA
ExamSoft has further committed to refer unresolved Privacy Shield complaints to JAMS EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks, an independent alternative dispute resolution provider located in the United States. If a complaint is not resolved by other resource and enforcement mechanisms, then individuals may request binding arbitration. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the JAMS web site at: https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Children’s Online Privacy
The Children’s Online Privacy Protection Act (“COPPA”) protects the online privacy of children less than thirteen (13) years of age. ExamSoft and these websites are not directed toward individuals under the age of 13, and ExamSoft requests that such individuals do not provide personally identifying information through ExamSoft websites. Additionally, we do not knowingly collect or maintain any personally identifiable information from children under thirteen (13) through the websites.
Effective Date: April 25, 2019