PRIVACY POLICY

Quebequois Politique de Confidentialite

سياسة الخصوصية باللغة العربية

Effective Date: May 15, 2020

ExamSoft Worldwide, Inc. (“ExamSoft”) is firmly committed to protecting your privacy. This privacy policy sets out how ExamSoft uses and protects your personal data. ExamSoft collects personal data through the websites hosted on the domain examsoft.com as well as through its web-based applications and locally-installed applications.

As provided below, ExamSoft complies with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield regarding the collection, use, and retention of personal data from European Union member countries, Switzerland and the United Kingdom.

ExamSoft also complies with U.S. laws, including the Family Educational Rights and Privacy Act (“FERPA”), where applicable, which provide privacy protections for personal data. ExamSoft is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Collection of information

ExamSoft may collect, store, and use the following personal data:

  1. Information that you provide in the process of registering a user account with ExamSoft, subscribing to ExamSoft’s websites’ services and/or email notifications, or using ExamSoft’s software to take an exam.
    More specifically, when you take an examination, you enter certain data into the ExamSoft software including your name, student or registrant identification number, phone number, email address, answers, and other assessment content.
  2. Information that we collect automatically while administering examinations. We automatically collect information relating to exam takers as part of our contractual obligation to administer examinations and ensure examination integrity; such information typically includes: makes and models of computers used by exam takers, device identification numbers, types and versions of software used by exam takers, and security and software performance related information, such as keystroke data.
  3. Information about any transactions carried out between you and ExamSoft on or in relation to ExamSoft’s websites, including information relating to any purchases you make of ExamSoft’s goods or services. We may also collect information from website visitors such as IP address, geographical location, operating system, browser type, referral source, length of visit, and number of page views.

We use cookies to collect some of the information above, track website visitors, and personalize your online experience. For more information about our use of cookies, please see the “Cookies” section below.

For specific services, ExamSoft may also collect, store, use and retain “biometric identifiers” and “biometric information.” “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual. These types of information are also considered “biometric data” under the EU General Data Protection Regulation. ExamSoft uses this information in the course of providing certain of its services to its clients. Before ExamSoft collects biometric information or biometric identifiers, it will notify you, and you will have the right to consent or refuse to provide this information or identifiers. ExamSoft will retain, and it requires its vendors to retain, this information only for so long as required to provide the service, but in any event only for so long as required by the institution that is using the applicable ExamSoft product, or failing instruction from the client, so long as the client account is maintained.

Access to System Files

Certain products in our solution require that, prior to an assessment, each exam taker’s device must be secured. Therefore, in order to secure the exam taker’s device, ExamSoft must access and, in some instances, modify device system files. By using our products, you understand and consent to this action.

Data Controller

ExamSoft generally collects personal data on behalf of its customers for purposes of providing exam-related services to those customers. As a result, if you are a resident of the EU, Switzerland or the United Kingdom, for much of the personal data we process our customer will be the “data controller” of the applicable personal data, and ExamSoft is the “data processor,” as those terms are used in applicable data and privacy laws. In its role as a data processor, ExamSoft only processes personal data in accordance with the applicable contract for purposes of providing its exam-related services to its customers. Please check with the individual educational or examination provider about the policies they have in place regarding the collection and use of your personal data.

For any personal data that it collects through its websites, ExamSoft is typically the data controller. In addition, for specific services (for instance, its proctoring service) ExamSoft is a data controller. This is because ExamSoft needs to collect certain data (including biometric data) from an exam taker to verify the exam taker’s identity and monitor and detect irregular behavior during assessments. If we have collected your personal data while providing these services, your data will be processed in accordance with this privacy policy.

Use and sharing of personal data

Personal data submitted via these websites and applications will be used for the purposes specified in this privacy policy or in relevant parts of the website. In addition to the uses identified elsewhere in this privacy policy, ExamSoft may use your personal data for the following purposes:

  1. to process any inquiries submitted by you and other communications initiated by you in relation to your dealings with ExamSoft;
  2. to notify its users and customers of any issues affecting ExamSoft’s services and software, and the resolution thereof, including by email or text message;
  3. to improve your browsing experience by personalizing the websites;
  4. when permitted by a customer, to send it marketing communications;
  5. to comply with statutory and regulatory requirements;
  6. in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; and
  7. to provide and improve its exam-related services pursuant to its agreements with its users and its customers (e.g., educational institutions), and to develop new services for our customers.

ExamSoft will never sell any exam taker data. ExamSoft does not sell personal data, and except for disclosures reasonably necessary for the purposes identified above and as set forth below, ExamSoft will not otherwise disclose personal data with third parties. ExamSoft may disclose personal data:

  1. with our customers for the purpose of exam administration;
  2. with our marketing partners, where our customers have opted-in to sharing for marketing purposes;
  3. with our group companies helping us to provide our services and for the other purposes described in this privacy policy;
  4. to the extent required or permitted by law such as sharing with law enforcement where requested pursuant to an investigation;
  5. in connection with any legal proceedings or prospective legal proceedings;
  6. in order to establish or exercise ExamSoft’s legal rights or defend against claims, for example, as sharing may be necessary in order to assert a legal claim or defense, such as to enforce our Exam Taker End User License Agreement;
  7. in connection with a sale, merger, acquisition, or other transaction affecting the associated business; and
  8. to third party service providers and partners, such as consultants helping us provide technical or customer support, but only to the extent such service providers and partners require such personal data to provide such services to ExamSoft and its users and customers.

Use of cookies

ExamSoft may use technology to track the patterns of behavior of visitors to these websites. This can include using a “cookie,” a text file sent by a Web server to a Web browser and stored by the browser for record keeping purposes. As a result, it is possible to speed up your future activities at these websites and allow ExamSoft to provide you with a personalized browsing experience.

You can choose to accept or decline cookies by modifying your browser settings to accept or reject cookies. If you choose to decline cookies, this may prevent you from taking full advantage of the websites’ features. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences or visit http://www.allaboutcookies.org for more information.

ExamSoft’s websites only take action in response to “do not track” signals if it is browser enabled.  

Choices and Rights

Depending on your location and the data protection laws that apply to you, you may have certain rights with regard to personal data that ExamSoft processes about you.

In many cases you should contact the university or test administrator directly to exercise applicable privacy rights. If you contact us directly, we may remove or update your information within a reasonable time and after providing notice to and obtaining approval from the relevant university or test administrator. However, in certain cases where we are not the “controller” or “business” of your personal data (such as when the personal data was collected on behalf of an educational institution as part of our exam-related services), we may be required to refer you or your request to the applicable controller or business.

For EU, Swiss and UK residents. If you are located in the EU, Switzerland or the UK, the following rights will apply to you.

If our processing is based on your consent, you have the right to withdraw consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

In some cases, you may be able to object to the processing of our data or restrict its use, for example, if your data is wrongfully withheld or we no longer have a legitimate interest in processing the data. You may be able to request that we delete or erase some of your data, such as when it is no longer needed for exam administration, or request portability of your data.

You may access your personal data and correct, amend or delete inaccurate information or information that has been processed in violation of the EU-U.S. Privacy Shield or U.S. Swiss Privacy Shield’s Principles, except where the rights of persons other than the individual would be violated. To exercise this right, please contact us by e-mail or postal mail at the address set forth at the end of this privacy policy.

For California residents. Under the California Consumer Privacy Act (CCPA), California residents have the right to request that a business disclose certain information about the collection and use of their personal information over the past 12 months. A California resident also has the right to ask such businesses to delete the personal information they have collected, and if the business sells personal information they have a right to opt-out of that sale. Finally, a business cannot discriminate against a California resident for exercising any of their rights under the CCPA.

When providing its services to its customers, ExamSoft acts as a “service provider” under the CCPA and our collection and use of consumer personal information is performed solely on behalf of our customers (as CCPA businesses). If you are a California resident wishing to exercise any of your rights under the CCPA, and we collected your personal information in the context of our services, please direct your request to the individual educational or examination provider.

In addition, California residents who provide personal information in obtaining products or services for personal, family, or household use are entitled to request and obtain from us, once a calendar year, information about the customer information we shared, if any, with other businesses for their own direct marketing use. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year.

For everyone. To opt-out from receiving future email marketing or other promotional communications from us, please click the “unsubscribe” or “opt-out” link at the bottom of such emails, or contact us directly as set forth in the Contact Us section provided below.

Security of your personal data

ExamSoft takes reasonable precautions to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration, and destruction. No method of transmission over the Internet, or method of electronic storage is 100% secure, however. Therefore, ExamSoft cannot guarantee its absolute security.

Legal bases for processing of personal data

If you reside in the European Union, Switzerland or the United Kingdom, the legal basis on which ExamSoft processes personal data will depend on the data concerned and the context in which the data is collected. However, ExamSoft normally processes personal data on the following legal bases: (i) performance of ExamSoft’s contractual obligations to which you are a party, (ii) your consent; (iii) ExamSoft’s legitimate interest; and (iv) to comply with a legal obligation to which ExamSoft is subject. If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our platform and communicate with you as necessary to provide our services to you and for our legitimate commercial interest; for instance, when responding to your queries, improving our platform, or undertaking marketing. We may have other legitimate interests and, if appropriate, we will make clear to you at the relevant time what those legitimate interests are.

Data retention

ExamSoft retains personal data so long as we have an ongoing legitimate business need to retain it (for example, to provide services to its customers or to comply with applicable legal, tax or accounting requirements).

When ExamSoft has no ongoing legitimate business need to process personal data, we will either delete or anonymize/de-identify it or, if this is not possible (for example, because the data has been stored in backup archives), then ExamSoft will securely store the personal data and isolate it from any further processing until deletion is possible.

Links to other websites

These websites may contain links to other websites of interest. ExamSoft is not responsible for the protection and privacy of any information which you provide while visiting such websites and such websites are not governed by this privacy policy. ExamSoft does not control and cannot be responsible for such third-party websites’ content, operation, or privacy policies and other terms of service.

International Transfers

ExamSoft is based in the United States, and personal data collected by ExamSoft worldwide (including within the European Union, Switzerland and the United Kingdom) may be transferred to the United States or anywhere else where our third party service providers and partners operate. However, ExamSoft has taken appropriate safeguards to ensure that your personal data remains protected in accordance with this privacy policy and applicable data protection law. This includes implementing the European Commission’s Standard Contractual Clauses for transfers of personal data to our third party service providers and partners.

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

ExamSoft complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the European Union, Switzerland and the United Kingdom to the United States. ExamSoft has certified to the Department of Commerce that is adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view ExamSoft’s certification, please visit www.privacyshield.gov and https://www.privacyshield.gov/list.

Privacy Complaints by European Union, Swiss and UK Residents

ExamSoft uses a self-assessment approach to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformance with the Privacy Shield Principles. In compliance with the Privacy Shield Principles, ExamSoft commits to resolve complaints about our collection or use of your personal data. European Union, Swiss and United Kingdom individuals with inquiries or complaints regarding our Privacy Shield policy should first contact ExamSoft at: Email: privacy@examsoft.com

Mail:

Attn: General Counsel
ExamSoft Worldwide, Inc.
5001 LBJ Freeway, Suite 700
Dallas, Texas 75244 USA

ExamSoft has further committed to refer unresolved Privacy Shield the EU data protection authorities (DPAs) for issues concerning both human resource and non-human resource data, and to comply with the advice given by such authorities with regard to such data transferred from the EU to the US.

If you are a resident of the European Union, Switzerland or the United Kingdom, you also have the right to complain to a data protection authority about our collection and use of your personal data. Contact details for data protection authorities in the European Economic Area are available here.

Changes to privacy policy

ExamSoft may occasionally update this privacy policy. When it does, ExamSoft will also revise the Effective Date at the beginning of this policy. ExamSoft encourages you to periodically review this privacy policy to stay informed about ExamSoft’s collection, use, and disclosure of personal data. ExamSoft reserves the right, at its discretion, to change, modify, add, or remove portions of the privacy policy and the websites at any time.

Children’s Online Privacy

ExamSoft and these websites are not directed toward individuals under the age of 13, and ExamSoft requests that such individuals do not provide personal data or personally identifying information through ExamSoft websites. Additionally, we do not knowingly collect or maintain any personal data or personally identifiable information from children under thirteen (13) through the websites. Please contact us as provided below in the Contact Information section if you believe we may have collected such information.

Contact Information

If you have any questions or comments about this privacy policy or the manner in which ExamSoft collects, stores, or uses your personal data, please write by email to privacy@examsoft.com or by postal mail to Attn: General Counsel, ExamSoft Worldwide, Inc., 5001 LBJ Freeway, Suite 700, Dallas, TX 75244 USA.