GDPR Compliance
Updated on 4th of June, 2020
As a frequent service provider to entities and persons living within the European Union (EU), Testinvite regularly provides its services under the umbrella of GDPR.
What is GDPR?
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the EU.
What are the key principles of GDPR?
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
Testinvite’s GDPR Status
GDPR defines a Data Controller as an entity that determines the purposes for which and the means by which personal data is processed. Data Controllers decide 'what' data will be collected, and 'why' and 'how' the collected personal data should be processed. The Data Processor processes personal data only on behalf of the Data Controller.
Testinvite generally collects personal data from exam participants on behalf of its customers for the purpose of providing exam-related services. In such cases, the customer will be the “Data Controller” of the applicable personal data, and Testinvite is the “Data Processor”.
Protection of Personal Data
Testinvite takes reasonable precautions to keep personal data entrusted to it safe, secure and confidential. It never sells personal data.
In addition, Testinvite has the security measures mentioned below in place for the protection of personal data shared with it.
Physical Security
Testinvite uses cloud services for its operations. The physical facilities where Test Invite is located require an RFID chip to gain access.
Information Access
Employees have access to data contained in business applications only on a 'need-to-know' basis. Privileged user access is granted on a 'need-to-access' basis.
Endpoint Security
Testinvite uses Sophos for endpoint security and protection against viruses and ransomware. All devices are encrypted, with remote wipe enabled should a device be lost or stolen.
Disclosure to Third Parties
Testinvite discloses personal data to third parties only under very limited circumstances. For example, it may do so to the extent required by law or regulation or as requested by a court or regulatory authority in connection with law enforcement. As a part of its operations, Testinvite may also provide personal data to its third-party service providers. All such partners are required by law and/or contractual requirements to keep the disclosed data confidential and secure.
Please refer to Testinvite’s privacy policy at the following link for further information: Privacy Policy
Test-Taker Questions
Please contact the Customer directly to exercise your applicable privacy rights, as they are the Data Controller. If you contact us directly, we may remove or update your information within a reasonable time and after advising the Customer of your request.
Customer Questions
We delete personal data as soon as reasonably practicable and in any event within 21 days from the date of our customer’s written request.
Unless a written request for deletion is made, we keep personal data that has been collected for 6 months and delete it within a reasonable time thereafter.
This is subject to compliance with document retention laws and Testinvite’s regulatory obligations as detailed in our Privacy Policy.
Yes, we do. Some of our service providers (such as Google Cloud, Mailgun Technologies Inc., Tawk.to Inc. and Google Analytics) are located, and all the data that we collect is stored, in the United States. Therefore, by selecting Test Invite as your partner, you consent to the transfer of personal data outside of your home country.