Privacy policy

ProctorEdu is committed to ensuring the security and protection of the personal information that is processed, and to provide a compliant and consistent approach to data protection. ProctorEdu recognizes its obligations and supports the demands of GDPR.

ProctorEdu is dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for GDPR.

What we do to comply with GDPR:

• We monitor GDPR and update data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws.
  
• We meet the 'data minimization' and 'storage limitation' principles. Personal information is stored, archived and destroyed compliantly and ethically.
  
• We have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. Our procedures are robust and disseminated to all employees, making them aware of the reporting lines and steps to follow.
  
• We review all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the related activity. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of GDPR and Schedule 1 of the Data Protection Bill are met.
  
• Processor Agreements – where we use any third-party to process personal information on our behalf (i.e. Payroll, Recruitment, Hosting, etc.), we have drafted compliant Processor Agreements and due diligence procedures for ensuring that they (as well as we), meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews of the service provided, the necessity of the processing activity, the technical and organizational measures in place and compliance with GDPR.
  
• Where we obtain and process any special category information, we do so in compliance with the Article 9 requirements or the Data Protection Bill Schedule 1 condition and have high-level encryptions and protections on all such data.
  
• We have a designated Data Privacy Officer who monitors compliance with the General Data Protection Regulation, with other European Union or Member State data protection law, and with the policies of ProctorEdu in relation to the protection of personal data.
• Where we obtain and process any special category information, we do so in compliance with the Article 9 requirements.
  
• ProctorEdu takes reasonable measures and precautions to protect and secure the personal data that we process. We have robust information security procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction.
  

Data Subject Rights

In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, namely:

• The right of access;
  
• The right to rectification;
  
• The right to restriction of processing;
  
• The right to object;
  
• The right to not be subject to automated individual decision-making resulting in decisions having legal or significant effects;
  
• The right to data portability;
  
• The right to erasure ('right to be forgotten')
  

Questions regarding data storage, recovery, and deletion should be directed to: support@proctoredu.com