GDPR Compliance

Updated on 04th of June, 2020

As a frequent service provider to entities and persons living within the European Union (EU), Test Invite regularly provides its services under the umbrella of GDPR.

What is GDPR?

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the EU.

What are the key principles of GDPR?

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

Test Invite’s GDPR Status

GDPR defines Data Controllers as an entity that determines the purposes for which and the means by which personal data is processed. Data Controllers decide ‘what’ data will be collected, 'why' and 'how' the collected personal data should be processed. The Data Processor processes personal data only on behalf of the Data Controller.

Test Invite generally collects personal data from exam participants on behalf of its customers for purpose of providing exam-related services. In such cases, the customer will be the “Data Controller” of the applicable personal data, and Test Invite is the “Data Processor”.

Protection of Personal Data

Test Invite takes reasonable precautions to keep personal data entrusted with it, safe, secure and confidential. It never sells personal data.

In addition, Test Invite has the below security measures in place for the protection of personal data shared with it.

Physical Security

Test Invite uses cloud services for their operations. The physical facilities where Test Invite is located requires an RFID chip to gain access.

Information Access

Employees have only access to data contained in business applications on a 'need-to-know' basis. Privileged users are granted on a 'need-to-access' basis.

Endpoint Security

Test Invite uses Sophos for end-point security and protection against viruses and ransomware. All devices are encrypted with a remote swipe enabled should the device be lost or stolen.

Disclosure to Third Parties

Test Invite discloses personal data to third parties only under very limited circumstances. For example, it may do so to the extent required by law or regulation or as requested by a court or regulatory authority in connection with law enforcement. As a part of its operations Test Invite may also provide personal data to its third-party service providers. All such partners are required by law and/or contractual requirements to keep the disclosed data confidential and secure.

Please refer to Test Invite’s privacy policy at the following link for further information: Privacy Policy

FAQs

Test-Taker Questions

You should please contact the Customer directly to exercise your applicable privacy rights as they are the Data Controller. If you contact us directly, we may remove or update your information within a reasonable time and after advising the Customer of your request.

Customer Questions

We delete personal data as soon reasonably practicable and in any event within 21 days from the date of our customer’s written request.

Unless a written request for deletion is made, we keep personal data that has been collected for 6 months and delete it within a reasonable time thereafter.

This is subject to compliance with document retention laws and Test Invite’s regulatory obligations as detailed in our Privacy Policy.

Yes, we do. Some of our service providers (such as Google Cloud, Mailgun Technologies Inc. Tawk.to Inc. and Google Analytics) and all the data that we collect is stored in the United States. Therefore, by selecting Test Invite as your partner, you consent to the transfer of personal data outside of your home country.

Yes, we do. Some of our service providers (such as Google Cloud, Mailgun Technologies Inc. Tawk.to Inc. and Google Analytics) and all the data that we collect is stored in the United States. Therefore, by selecting Test Invite as your partner, you consent to the transfer of personal data outside of your home country.