Your rights are very important, and we are committed to being transparent about our use of your data.
We have established protocols to handle data processing. Just as we guarantee the confidentiality and security of data, you can be assured that at the end of our service any data processed will be erased. Additionally, should a data breach occur, we will immediately report the event and its details to our data controller upon its identification.
We have a team of highly specialized data personnel responsible to process data and to ensure that we are fully compliant with data protection regulations. Our data team monitors data integrity, accuracy, and confidentiality and performs regular security reviews. The team keeps a record of all processing activities. When an inaccuracy is discovered the data is updated without undue delay.
Our Data Protection Officer (DPO) keeps our management updated on data protection responsibilities, risks, and issues. Our DPO also deals with access requests and approvals of any contracts with third parties that handle sensitive data. Since we handle large amounts of data on a regular basis, our DPO oversees our compliance with various data laws, including the General Data Protection Regulation (GDPR) of the European Union (EU) and the European Economic Area (EEA) and the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada.
When you access our website and platforms, we may collect the following information based on the requirement of the Controller:
When you access our platforms, we do not collect any of the following:
We have a valid legal basis for the processing of any data that we collect from you. The legal basis for the processing of your data is established between us and the Controller of the data prior to the processing of the data. It is also processed lawfully, fairly, and transparently. The lawful basis on which we process your data is based on the following:2.2.1. Consent: We process data only after you have provided your consent (permission) to the Controller of the data to process the personal data that you provide us while accessing our products. It is only after we receive official instructions from the Controller, we process the data.
We are committed to protecting your data by utilizing security safeguards against loss, theft, unauthorized access, disclosure, copying, and unauthorized use or modification. We keep data confidential, accurate, and available when needed, and review our data protection measures on a regular basis. The data is stored on secure cloud servers that have stringent security standards which are regularly audited to maintain the following industry leading certifications: Cloud Security Alliance Controls, ISO 9001 (Global Quality Standard), ISO 22301 (Security and Resilience), ISO 27001 (Security Management Controls), ISO 27017 (Cloud Specific Controls), ISO 27701 (Privacy Information Management), ISO 27018 (Personal Data Protection), SOC 1 (Audit Controls Report), SOC 2 (Security, Availability, & Confidentiality Report), and SOC 3 (General Controls Report). The cloud servers are located in jurisdictions that fully comply with the data security requirements as specified by our Controllers and the related data laws of their respective jurisdictions.
Our Data Management Framework details our policies concerning the usage, storage, dissemination, and deletion of all data we collect. If you would like to know more, download our Data Management Framework by clicking the link below.Download the Data Management Framework
We design, develop, and deliver educational assessments and learning products. Our contracts/agreements are with organizations, ministries of education, and academic institutions, through whom we provide our products and services to their students, educators, and administrators (together referred to as users) at primary, secondary, and post-secondary educational institutions and training organizations.
The data that is collected from the use of our products and services is used to serve the educational goals of our users. It is also used to enhance their learning and assessment experiences on our platforms. We may use account information being provided to connect teachers to the progress that students have on our platforms.
We may also track devices used and their version information to resolve any issues particular to a device, and provide support for different platforms.
The following table summarizes the data processing activities related to the data that is collected from their sources.
|#||Source||Data||Reasons||Legal Basis||Erasure of Data|
|4.1.1||Browsing the Website|| ||Legitimate Interest|| |
|4.1.2||Contact Form||Name, email, institution/organization name||To respond to your request.||Consent|| |
|4.1.3||Newsletter Subscribe Form||To send you periodic updates.||Consent|
|4.1.4||Accessing our Platforms (Account Creation Form and Login Form)||Data as instructed to be collected by the Controller in the contract/agreement.||To provide you with access to the platform.||Contract/Agreement|
|4.1.5||Activity on our Platforms||Activity progress on assessments and learning products.||To support the learning and assessment requirements as per the contract/agreement with the Controller.||Contract/Agreement|
|4.1.6||Data from Controller||Data as instructed to be collected by the Controller in the contract/agreement.||To support the learning and assessment requirements as per the contract/agreement with the Controller.||Contract/Agreement|
|4.1.7||Survey||Data as instructed to be collected by the Controller in the contract/agreement.||To support the survey requirements as per the contract/agreement with the Controller.||Contract/Agreement|
We will retain your data only for the period of time that is necessary under the contract/agreement we have with the Controller of the data or as required by the data law of the jurisdiction we serve. If and when your information is no longer required for the purposes specified by the Controller, we will delete your data.
The data from the sources as outlined in the table under the section Data Processing Activities are available for the respective Controllers to support you with your learning and assessment experiences. It is the requirement of the Controller to inform you on whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data, and the possible consequences of failure to provide such data.
Data Controllers can download a Data Processing Agreement that serves as documented instructions between the Data Controller and Data Processor. This documentation is necessary in some jurisdictions, including the European Union.Download the Data Processing Agreement
At times, we may be required to share your data with affiliated entities that help us provide the service or products you have requested. We will disclose your data to third-parties only under the following circumstances:
In the above cases, we will only disclose data after receiving written consent from the Controller.
We do not transfer any personal information to countries where there is an absence of Adequacy Decision (as per the GDPR). If there is a need to transfer personal information to a country where there is an absence of Adequacy Decision (either due to an operational requirement or an instruction from a Controller of the data), we will ensure that there are appropriate safeguards for the security of the data that is transferred. These safeguards will include contractual agreements with the recipient of the personal data (using standard contractual clauses approved by the European Commission) containing binding and enforceable commitments and adherence to our code of conduct. We will also ensure that the rights of individuals (the data subjects) will be enforceable and legal remedies will be available for them.
You have the following rights to give you more control over how your data is processed by us.
7.1.1. Right to be Informed: You have the right to know what kind of processing is happening to your data.
7.1.2. Right of Access: We will confirm (free of charge) if your data is being held as well as notify you of the type of data.
7.1.3. Right to Rectification: If any personal data is either inaccurate or incomplete, you can request this to be fixed.
7.1.4. Right to Erasure / Be Forgotten: You have the right to have your data erased if the data was processed unlawfully, if you withdraw consent, or if your data is no longer necessary for the original purpose in which it was collected.
7.1.5. Right to Restrict Processing: If you feel the processing of your data is either inaccurate or unlawful, you have the right to stop processing activities.
7.1.6. Right to Data Portability: You have the right to move your data from one organization to another, without any loss of usability.
7.1.7. Right to Object: You can object to your personal data being used for scientific or historical research, direct marketing, processing based on official authority, legitimate interests or in the public interest.
7.1.8. Right to Object Automated Processing: You have the right not to be subject to profiling. We do not analyze your personal information to predict your economic situation, health, location, or personal preferences.
7.1.9. Right to Withdraw Consent: You have the right to withdraw previously given consent to process your personal data.
7.1.10. Right to Lodge a Complaint with a Supervisory Authority: You have the right to lodge a complaint with a supervisory authority. As we have offices in Canada, Luxembourg, and the United Kingdom, you can lodge a complaint with the supervisory authorities in any of these countries.
You can obtain access to your data by submitting a request to our Data Protection Officer at firstname.lastname@example.org. You can also contact your organization, ministry of education (or their agency), or academic institution (i.e., the Controller of your data) with your request. If you would like to request any of your data, download the Data Request Form by clicking the link below, complete the details, and send the document as an email attachment to email@example.com.
Download the Data Request Form