ProctorEdu

ProctorEdu GDPR Policy

Our Commitment to ensure transparency and comply with the General Data Protection Regulation (GDPR).

What should you know about GDPR?

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world which stands for the data privacy. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, as long as they target or collect data related to people in the EU.

The aim of this page is to help our customers comply with the GDPR and educate test-takers about their rights.

Where Do We Stand

The two main roles described in GDPR are Data Processor and Data Controller.
GDPR defines Data Controllers as an entity that determines the purposes for which and the means by which personal data is processed. The Data Processor processes personal data only on behalf of the Data Controller as per the requirements of the Data Controller.

ProctorEdu acts as a Data Processor

ProctorEdu acts as a data processor and processes data on behalf of its clients/organisations who act as data controllers. The data controllers specify the kind of data required from the data subject (test-taker) and ProctorEdu collects the specified data before or during the assessment and then processing it as per Data Controller's instructions.

We are committed to privacy and data protection

Privacy and data protection are of the utmost importance to us and we take steps to protect personal data in accordance with global data protection laws.

From our website visitors, to professors and test-takers, we aim to provide all of our users with clear explanations about the information we collect, how that information is used, the contexts in which it may be shared, and provide all other disclosures and rights available under applicable privacy laws.

What we do to comply with GDPR

A few of the steps that we undertake to achieve the compliance
We monitor GDPR and update data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws.
ProctorEdu takes reasonable measures and precautions to protect and secure the personal data that we process. We have robust information security procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction.


We review all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the related activity. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of GDPR and Schedule 1 of the Data Protection Bill are met.
We meet the 'data minimization' and 'storage limitation' principles. Personal information is stored, archived and destroyed compliantly and ethically.

We have a Privacy policy and Security policy which provide all individuals whose personal information we process information about why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
Where we obtain and process any special category information, we do so in compliance with the Article 9 requirements.
Processor Agreements – where we use any third-party to process personal information on our behalf (i.e. Payroll, Recruitment, Hosting, etc.), we have drafted compliant Processor Agreements and due diligence procedures for ensuring that they (as well as we), meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews of the service provided, the necessity of the processing activity, the technical and organizational measures in place and compliance with GDPR.
Where we obtain and process any special category information, we do so in compliance with the Article 9 requirements or the Data Protection Bill Schedule 1 condition and have high-level encryptions and protections on all such data.
We have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. Our procedures are robust and disseminated to all employees, making them aware of the reporting lines and steps to follow.
We have a designated Data Privacy Officer who monitors compliance with the General Data Protection Regulation, with other European Union or Member State data protection law, and with the policies of ProctorEdu in relation to the protection of personal data.
To learn more

FAQ

Security measures taken to protect personal data
1. We maintain security at the infrastructure level by vetting each provider we use and ensure that every point of connection between providers is correctly initiated and consistently maintained.
2. We ensure network security by using the transmission TLS/1.3 (HTTPS) and DTLS (WebRTC).
3. We do not utilize any third party applications. Our software is completely homemade meaning that the risk of data breach is decreased.
4. Our development and legal teams frequently update our Privacy and Security Policy educating both our clients and team in how to handle valuable data.
5. Backing up data ensures that no single system failure will damage the security. So we take it seriously and have weekly backups which are created on a daily basis (overnight backups for the last seven days).
Data Deletion & Retention
We have established specific data erasure procedures to comply with the new "right to be forgotten" obligations and understand when these and other data subject rights apply, as well as any exceptions, response times and notification requirements.

Our standard retention policy is for data collected from regulated activities, including biometric data, to be retained for up to 360 days after the session, as well as identity data and data collected for authentication purposes (including those we use to create your identity information). The data might be deleted earlier upon request of the test-taker or the organisation. The software provides an option of automated data deletion schedule.
Consent from Users (Data Subjects):
The user's consent is gather right before the start of the assesment. This ensures that users are provided the relevant privacy policy and terms of service with details on why such information is being collected, and give their consent before using the service.
Our Privacy policy provides further details on the "What" & "Why" of the user's information being collected.
Test-takers' rights
As a person who uses the software, you're a data subject. The GDPR aims to give individuals more control over the data they loan to organizations.
Here is the list of the data subjects' privacy rights:

1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling.

Feedback

Our Data Proctection team will be happy to answer your questions or receive feedback.
Please let us know if you encounter any issues:

Phone: +1 302 883-888-5
E-mail: partners@proctoredu.com

We try to respond to feedback within 5 business days.