As a frequent service provider to entities and persons living within the European Union (EU),
Testinvite regularly provides its services under the umbrella of GDPR.
What is GDPR?
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for
the collection and processing of personal information from individuals who live in the EU.
What are the key principles of GDPR?
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality (security)
Testinvite’s GDPR Status
GDPR defines Data Controllers as an entity that determines the purposes for which and the
means by which personal data is processed. Data Controllers decide ‘what’ data will be
collected, 'why' and 'how' the collected personal data should be processed. The Data
Processor processes personal data only on behalf of the Data Controller.
Testinvite generally collects personal data from exam participants on behalf of its
customers for purpose of providing exam-related services. In such cases, the customer will
be the “Data Controller” of the applicable personal data, and Testinvite is the “Data
Protection of Personal Data
Testinvite takes reasonable precautions to keep personal data entrusted with it, safe,
secure and confidential. It never sells personal data.
In addition, Testinvite has the security measures mentioned below in place for the
protection of personal data shared with it.
Testinvite uses cloud services for their operations. The physical facilities where Test
Invite is located requires an RFID chip to gain access.
Employees have only access to data contained in business applications on a 'need-to-know'
basis. Privileged users are granted on a 'need-to-access' basis.
Testinvite uses Sophos for end-point security and protection against viruses and ransomware.
All devices are encrypted with a remote swipe enabled should the device be lost or stolen.
Disclosure to Third Parties
Testinvite discloses personal data to third parties only under very limited circumstances.
For example, it may do so to the extent required by law or regulation or as requested by a
court or regulatory authority in connection with law enforcement. As a part of its
operations Testinvite may also provide personal data to its third-party service providers.
All such partners are required by law and/or contractual requirements to keep the disclosed
data confidential and secure.
You should please contact the Customer directly to exercise your applicable
privacy rights as they are the Data Controller. If you contact us directly,
we may remove or update your information within a reasonable time and after
advising the Customer of your request.
We delete personal data as soon reasonably practicable and in any event
within 21 days from the date of our customer’s written request.
Unless a written request for deletion is made, we keep personal data that has
been collected for 6 months and delete it within a reasonable time
This is subject to compliance with document retention laws and Testinvite’s
Yes, we do. Some of our service providers (such as Google Cloud, Mailgun
Technologies Inc. Tawk.to Inc. and Google Analytics) and all the data that
we collect is stored in the United States. Therefore, by selecting Test
Invite as your partner, you consent to the transfer of personal data outside
of your home country.