Effective Date: April 20, 2020
Please read the following carefully to understand our practices regarding the collection and use of your personal information.
Table of Contents
- The Information We Collect
- Where We Store Your Data
- How We Use Your Information
- Disclosure of Your Information
- Requesting, Updating, Correcting or Deleting your Personal Data
- Choosing to Exercise Your Privacy Rights
- Lawful Basis for Processing
- Data Security
THE INFORMATION WE COLLECT
We may collect the following categories of personal data, although not all categories may be collected about every individual:
- Personal identifiers, such as name, address and student ID number
- Device and online identifiers and related information, such as email address, username, IP address, telephone number, browser type and information, operating system, and device platform
- Location information, such as geo-location information
- Purchase history information
- Educational progress and exam results when using our courseware
- Technical support and sales email and chat transcripts
Information you give to us:
This is information about you that you give us directly when you interact with us. You may give it to us by filling out a form on our Websites, corresponding with us by phone, e-mail, chat, or at an in-person event. It includes information necessary to receive product and service information, register for an Application account, pay for a license or subscription, or place an order for other services we provide. It also includes information shared when you submit a query to Customer Support or report feedback about or a problem within our Services. When you create an account for the Application, we require you provide us your first name, last name, email address and telephone number. When you make a purchase from us, we do not store sensitive cardholder data such as full credit card numbers or card authentication data on any of our systems.
Information we collect about you from your use of our Websites:
Using cookies and other technologies, we may automatically collect information from you each time you visit our Websites. This includes technical information, information about your visit, and information about your activity on our Websites such as courses searched and viewed, length of visit to certain pages, page interaction information (such as scrolling, clicks, and mouseovers), methods to browse to and away from a page, and methods used to contact our sales and support teams. Technical information may also include the IP address used to connect your computer to the Internet, browser type and version, operating system, and device platform. See "Cookies and Other Technologies" below for more information.
Information we collect about you from your use of our Application:
We will automatically collect information from you each time you use our Application. This includes the IP address used to connect your computer to the Internet, browser type and version, operating system, and device platform. It also includes progress data related to your use of the Application - including time spent on and the results of lessons, videos, labs, exams, etc.
Information we receive from other sources:
This is information we receive about you from third parties that we work closely with to provide, promote, and improve our Services. These third parties include educational institutions, marketing list providers, analytics providers, and search information providers.
Our role and responsibility when handling your personal information:
Data protection laws require companies to describe their role and responsibility when handling personal information:
- When users access our Websites and view information about us and our technology, communicate with us, contact our Customer Support department, download whitepapers, register for events, etc., we are the data controller.
- When an individual signs up directly as a user of the Application (not as part of a school or employer), we are the data controller for all personal information provided by that user and collected by the Application as the user accesses and uses it. This personal information typically includes first name, last name, email address and telephone number.
- When an individual engages with the Application because their school or employer has signed up to use our Services, then the user's school or employer is the data controller with respect to the user information it provides to us. This information includes first name, last name, email address and, if provided by the school, student ID. Where your school or employer is a data controller in this way, we act as a data processor under data protection laws, meaning we use the information to provide a service to your school or employer.
Cookies and Other Technologies
WHERE WE STORE YOUR DATA
HOW WE USE YOUR INFORMATION
We use information held about you in the following ways:
- To facilitate your use of our Application, including communicating with you about your account or the availability of our Services
- To present content from our Services in an effective manner for you and for your computer and browser configuration
- To facilitate the technical functioning of the Application, including troubleshooting and resolving issues and securing the Application
- To improve our products and services, and to develop new products and services
- To process your requests and orders of products and services and for technical support
- To provide you with information, products or services that you request from us or which we feel may interest you
- To carry out our obligations arising from any contracts entered into between you and us, including for billing and collection
- To provide Application progress information to authorized personnel at your school or employer
- To send you advertising communications regarding our various products and services. Note that TestOut does not send advertising/marketing communications to students who are currently enrolled at a school.
DISCLOSURE OF YOUR INFORMATION
REQUESTING, UPDATING, CORRECTING OR DELETING YOUR PERSONAL DATA
Right to Access Your Data: You can ask us for a copy of your personal data in a readily usable format. To request your personal data, you can email firstname.lastname@example.org or call toll free 800-877-4889, making such request. We will respond within 45 days of your request or, if reasonably necessary, we may inform you that an additional 45 days is required in which case we will give you your personal data within 90 days from your initial request. You can ask us to provide you with this information up to two times in a rolling 12-month period. When you make this request, the information provided may be limited to personal information we collected about you in the previous 12 months.
Updating or Correcting Data: You can edit some of your personal data through your Application account. You can also ask us to update or correct your data in certain cases by emailing email@example.com, particularly if it is inaccurate.
Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held). However, to the extent your personal data is necessary to be maintained as described by law, we may retain and use such information.
Delete Data: You can ask us to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide our Services to you). Once we receive a request, we will delete the personal data (to the extent required by law) we hold about you as of the date of your request from our records and direct any service providers to do the same. We will also inform you whether we have complied with your request and to what extent your personal data will be deleted. Please note that in some cases, deletion may be accomplished through de-identification of the information.
If you engage with the Application because your school or employer has signed up to use our Services, then any request from you to correct or delete your data in the Application will need to first be approved by your school or employer as they are the data controller.
As required or permitted under applicable law, please note that we may take steps to verify your identity before acting on your request to exercise your rights to access, correct, or delete your data. You can designate an authorized agent to make a request for your personal data on your behalf once we have verified your identity.
CHOOSING TO EXERCISE YOUR PRIVACY RIGHTS
We will not discriminate against you for exercising your privacy rights. This generally means we will not deny you services, charge different prices or rates, provide a different level of service, or suggest that you might receive a different price or level of quality for services.
LAWFUL BASIS FOR PROCESSING
We will only collect and process personal data about you where we have a lawful basis. Lawful bases include consent (where you have given consent), and contract (where processing is necessary for the performance of a contract or agreement e.g., to deliver the Services you have requested), and other legitimate interests.
Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object.
Access by you to your Application account is available through a unique username and password selected by you, or through an integration between your school/company LMS system and the Application. We recommend that you do not divulge your username and password to anyone, and that you change your password often using a combination of letters and numbers. We cannot be held accountable for activity that results from your own neglect to safeguard the secrecy of your username and password. If you share a computer with anyone, you should always log out of your account after you are finished in order to prevent access to your information from subsequent users of that computer.
We store your personal information only on servers with restricted access that are located in secured facilities, and use a variety of technologies and procedures intended to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. All Application data is fully encrypted both in transit and at rest using industry-standard encryption methods. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personal data, you acknowledge that: (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity and privacy of any and all information and data exchanged between you and us through our Services cannot be guaranteed and we shall have no liability to you or any third party for loss, misuse, disclosure or alteration of such information; and (c) any such information and data may be viewed or tampered with in transit by a third party.
In the unlikely event that we believe that the security of your personal data in our control may have been compromised, we will try to notify you. To the extent you have provided us with your email address, we may notify you by email and you agree to our use of email as a means of such notification. If you prefer for us to use another method to notify you in this situation, please contact Customer Support at https://www.testout.com/support with the alternative contact information you wish to be used.
INFORMATION ABOUT OUR PARTICIPATION IN PRIVACY SHIELD
Under the EU-U.S. Privacy Shield Framework, we are responsible for the processing of information about you we receive from the EU and onward transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for such onward transfers and remain liable in accordance with the Privacy Shield Principles if third-party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, TestOut Corporation commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at: firstname.lastname@example.org
Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We reserve the right to disclose your personal information as required by law and when we believe that disclosure is necessary to protect our rights or to comply with a judicial proceeding, court order, or similar legal process served on us or our Site.
50 S Main Street
Pleasant Grove, UT 84062
We will respond to your request within 45 days or, if reasonably necessary, we may inform you that an additional 45 days is required.
Within the scope of this privacy notice, if a privacy complaint or dispute cannot be resolved through TestOut Corporation's internal processes, TestOut Corporation has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe under the Privacy Shield Dispute Resolution Procedure, please submit the required information to VeraSafe here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/