1. What kind of information do we collect?
Information you provide
Please find below the type of information we may require from you in order to provide our services on the Platform:
|Type of User||Test Taker||Customer||Testpreneur (developing the tests)|
|address, postal code, city, state||√||√||√|
|date of birth||-||-||√|
|your username and password when you register for an account||-||√||√|
|career related information (e.g. education, job history)||√||√||√|
|the answers you give to test questions||√||-||-|
|communications between you and us||√||√||√|
In some cases, you may provide personal data to us about other people (such as Test Takers). You must ensure that you have given those individuals an appropriate notice that you are providing their information to us and have obtained their consent to that disclosure.
Information we collect when you use our Platform:
- Log file information: We collect information that your browser sends whenever you visit our Platform. This log file information may include information such as your computer’s Internet Protocol address, browser type, browser version, the pages of our Platform that you visit, the time and date of your visit, the time spent on those pages and other statistics.
- Google: Google AdWords remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting Google Ads Settings. Google also recommends installing the Google Analytics Opt-out Browser Add-on for your web browser. This service provides visitors with the ability to prevent their data from being collected and used by Google Analytics. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page.
- AppNexus: AppNexus remarketing service is provided by AppNexus Inc. You can opt-out of AppNexus remarketing by visiting the Privacy Privacy on the AppNexus Platform.
2. How do we use your personal data?
We use your personal data to help us provide and support (the services on) our Platform. Here is how:
- Service provision: we use the information to carry out and administer the tests you book, take or develop;
- Communication: sending emails, newsletters, and other messages to keep you informed of the Platform. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link. We also use the personal data to deal with enquiries and complaints made by you relating to the Platform and to address your questions, issues, and concerns;
- Website monitoring: to check the Platform and our other technology services are being used appropriately and to optimize their functionality;
- Platform optimization: improve, test, and monitor the effectiveness of our Platform and diagnose or fix technology problems;
- Managing suppliers: who deliver services to us;
- Easy access: to help you efficiently access your information after you sign in and to remember information so you will not have to re-enter it during your visit or the next time you visit the Platform;
- Statistics: monitor metrics such as total number of visitors, traffic, demographic patterns and patterns in our test results (on an anonymized and aggregated basis);
- Development: develop and test new products and features.
3. Our reasons for using your personal data
We will process your personal data for a number of reasons:
- you have given us consent;
- processing is necessary for our legitimate business interests or those of a third party: provided this does not override any interests or rights that you have as an individual. Our legitimate interests are:
- managing our business and relationship with you or your company or organization;
- understanding and responding to inquiries and User feedback;
- understanding how our Users use the Platform;
- identifying what our Users want and developing our relationship with you, your company or organization;
- improving our Platform and offerings;
- managing our supply chain;
- developing relationships with business partners;
- sharing data in connection with acquisitions and transfers of our business.
4. With whom do we share your personal data?
We share your information with others as follows:
- Customers: We share information of Testpreneurs with (prospective) customers, to inform them on Testpreneur background and credentials, as is provided by the Testpreneurs themselves. We will not rent or sell your information to any third parties;
- Test results: We share information of Test Takers with customers who administered tests to them; we share feedback of Test Takers and customers on tests with the Testpreneurs who authored those tests.
- Suppliers: who support our business including IT and communication suppliers, outsourced business support, marketing, and advertising agencies and back-up vendors. Our suppliers have to meet minimum standards regarding information security and they will only be provided data in line with their function.
- Legal requests and preventing harm: We may access, preserve and share your personal data in response to a legal request (like a search warrant, court order, or subpoena) if we have a good faith belief that the law requires us to do so. We may also access, preserve and share information when we have a good faith belief it is necessary to (i) detect, prevent and address fraud and other illegal activity and (ii) to protect ourselves, you and others, including as part of investigations. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.
5. Safety and security
TestGorilla has taken appropriate technical and organizational measures by using the latest technologies to protect your personal data against loss or unlawful processing. We use safeguards to help keep the information collected through the Platform secure and take steps (such as requesting a unique password) to verify your identity before granting you access to your account. However, we cannot ensure the security of any information you transmit to us or guarantee that information on the Platform may not be accessed, disclosed, altered, or destroyed. We request you to do your part to help us. You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to emails between you and us, at all times. We are not responsible for the functionality, privacy, or security measures of any other organization.
6. Your Rights
If you are resident in the European Union, in accordance with European Union privacy law, you have the following rights in respect of your personal information that we hold:
- Access: you are entitled to ask us if we are processing your personal data and, if we are, you can request access to your personal data. This enables you to receive a copy of the personal data we hold about you and certain other information about it;
- Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected;
- Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims;
- Restriction: you are entitled to ask us to suspend the processing of certain of your personal data about you, for example, if you want us to establish its accuracy or the reason for processing it;
- Portability: you have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person;
- Objection: where we are processing your personal data based on a legitimate interest (or those of a third party), you may challenge this. However, we may be entitled to continue processing your information. You also have the right to object where we are processing your personal information for direct marketing purposes;
- Automated decisions: you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered;
- Consent: where we are processing personal data with consent, you can withdraw your consent.
Residents in other jurisdictions may have similar rights to the above. If you want to exercise any of these rights, please contact firstname.lastname@example.org.
You also have a right to lodge a complaint with a data protection supervisory authority, in particular in a member state in the European Union where you are habitually resident, where we are based, or where an alleged infringement of Data Protection law has taken place.
7. Third-party applications, websites, and services
8. How long do we keep your data?
We generally keep your information only as long as needed to provide the services on our Platform. We will retain your information as necessary to comply with legal, accounting, or regulatory requirements. Typical retention periods will range from 6 months to 7 years. The retention period for test taker data that is available to customers (e.g. name, email address, and test scores) is 5 years. There are two exceptions: 1) webcam pictures taken as anti-cheating measure will be retained for 6 months and 2) video recordings of test takers answering custom questions will be retained for 2 years.
9. Where will your information be held?
Your information will be held on servers in Germany. We will take steps to protect your information in line with locally applicable data protection requirements.
Our Platform does not address anyone under the age of 16 (“Children”). We do not knowingly collect personally identifiable information from children under 16. If you are a parent or guardian and you are aware that your Children have provided us with personal data, please contact us. If we become aware that we have collected personal data from a child under age 16 without verification of parental consent, we take steps to remove that information from our servers.
12. Changes to this Policy
13. How to contact us