EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US DPF
The privacy of your data is important to us. This document outlines the types of data that we store and what we do with it.
What we store for instructors/training departments
When you sign up for ExamBuilder, we ask for your:
- Name. It is important to know who the account owner is for security
- Company name. In case someone asks for super user access we need to verify the request for security. This happens when someone leaves a company and another person takes over the account
- Email address. To send you invoices.
- Country. To personalize the groups section
We also store your IP address to verify that no unauthorized access has occurred and for other security related events.
As an e-learning company we store your data that may include: exam content, student/employee names, and training materials. ExamBuilder is the custodian of your data; you are the owner! We only access your data under the following circumstances:
- You called tech support and we need to log in to your account to resolve an issue
- A bug was reported that cannot be recreated in one of our developer accounts
When you write to us with a question or to ask for help, we keep that correspondence, and the email address, for future reference. When you browse our marketing pages, we track that for statistical purposes or to analyze the most viewed pages and conversion rates based on search terms.
ExamBuilder does not share your information with any third parties! There are no ads on the site; the business model is based on paid subscriptions, not advertisers. Any information provided stays on the ExamBuilder servers while your account is active.
What we store for students/employees
Student accounts can be created by training departments, or by students themselves who self-register for the system.
Here is what we store:
- Name (required). This can be anonymous or a code, but it is not recommended since training departments often need to look up users by name
- Student ID (required). This is a unique identifier for your account that can be an email address but doesn’t have to be. The advantage to using an email address is that students can receive exam invitations by email
- Photo (optional). Student photos are only viewed by training departments in the instructor portal when accessing a student account or viewing reports. Photos are never used for any other purpose.
- Groups (optional). Some training departments ask students to group themselves by demographic region or job function
We also store your IP address for security purposes.
As an e-learning company we store details about the exams that you have taken (score and date of completion), responses to specific questions, and the training that you have viewed. This can only be viewed by the training department that created the content and is never shared outside of that context.
ExamBuilder does not share your information with any third parties! There are no ads on the site; the business model is based on paid subscriptions, not advertisers. Any information provided stays on the ExamBuilder servers while your account is active.
Encryption
All data is encrypted via SSL/TLS when transmitted from our servers to your browser. All database backups are also encrypted. Sensitive data in URL and form fields are also encrypted during transit.
Deleted data
When you cancel your account, we delete all of your data on our servers within 45 days. Anything you delete on your account while it’s active will be purged within 7 days.
Law Enforcement
While we may be required to disclose your personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements, ExamBuilder won’t otherwise hand your data over to law enforcement unless a court order says we have to. We flat-out reject such other requests from local and federal law enforcement when they seek data without a court order. And unless we’re legally prevented from it, we’ll always inform you when such requests are made.
Security Safeguards and Onward Transfer
You understand that ExamBuilder uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to provide you with our services. A current list of vendors is available upon request.
In cases of onward transfer to these third parties for data of EU, UK or Swiss individuals received pursuant to the DPF Principles, ExamBuilder is liable unless we can prove we were not a party to the events giving rise to the damages.
Changes & questions
ExamBuilder may update this policy occasionally. We notify you about significant changes by emailing the account owner or by placing a prominent notice on our site. You can access, change or delete your personal information at any time by contacting our support team.
Questions about this privacy policy? Please contact us and we’ll be happy to help!
The Data Privacy Framework for EU, UK and Swiss Data Transfer Into the United States
ExamBuilder complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. ExamBuilder has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. ExamBuilder has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
With respect to personal data received or transferred pursuant to the DPF program, ExamBuilder is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the DPF, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the DPF, should direct their query to dpo@exambuilder.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than that for which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to dpo@exambuilder.com.
EU, UK, and Swiss Privacy Complaints
In compliance with the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), ExamBuilder commits to resolve complaints about our collection or use of your personal information transferred to the US pursuant to the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF. European Union, UK, and Swiss individuals with DPF inquiries or complaints should first contact ExamBuilder by email at dpo@exambuilder.com, or via post at:
ExamBuilder, Privacy Officer
455 Tarrytown Road
Suite 1092
White Plains, NY 10607
ExamBuilder has further committed to refer unresolved DPF Principles-related complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to Data Privacy Framework Services, an alternative dispute resolution provider operated by BBB National Programs and based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. The services of Data Privacy Framework Services are provided at no cost to you.
If your complaint involves human resources data transferred to the United States from the EU, the UK, and/or Switzerland in the context of the employment relationship, and ExamBuilder does not address it satisfactorily, ExamBuilder commits to cooperate with the panel established by the EU data protection authorities (DPA Panel), the UK Information Commissioner’s Office (UK ICO), and/or the Swiss Federal Data Protection and Information Commissioner, as applicable and to comply with the advice given by the DPA panel and/or Commissioner, as applicable with regard to such human resources data.
To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to DATA PRIVACY FRAMEWORK SERVICES. In compliance with the EU-U.S. DPF, the UK Extension to the EU-US DPF, and the Swiss-U.S. DPF, ExamBuilder commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK ICO, and/or the Swiss Federal Data Protection and Information Commissioner (FDPIC).
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf
Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm