Skip Ribbon Commands Skip to main content

Prometric Privacy Statements

Prometric is committed to protecting the personal information of test candidates, website visitors and other individuals with whom we interact.  We have a Global Privacy Program that protects all of the personal information we collect for our own purposes and for our clients, the test sponsors.  This Privacy Program helps ensure that personal information is handled properly. 

These Privacy Statements explain how we use and disclose personal information that we collect from individuals both online and offline, such as in our test centers.  If you have additional questions about privacy or information security, please contact us at DataProtectionManager@prometric.com.

Privacy Statement Index

Safe Harbor Certifications
Privacy Notice Highlights for Test Candidates
Privacy Statement for Personal Information
Privacy Statement for Biometrics
California Privacy Rights
Malaysia Privacy Rights
U.S. Social Security Number Policy Statement
How to Contact Us

 

Safe Harbor Certifications

Prometric complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from individuals located in the European Economic Area and Switzerland.  Prometric has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  To learn more about the Safe Harbor program, and to view Prometric certification, please visit http://www.export.gov/safeharbor/.

Prometric applies the U.S.-EU Safe Harbor Framework and U.S.-Swiss Safe Harbor Framework to all data received from individuals located outside the United States.

 

Privacy Notice Highlights for Test Candidates

Prometric is committed to protecting the privacy and security of all personal information that we process in order to provide testing services to our clients, the test sponsors.  This highlights notice provides a summary of our practices with regard to all of the personal information we collect and use in connection with testing services we offer for our clients.

If you are a test candidate, Prometric will collect and process your personal information only as instructed or permitted by your test sponsor or you.  We will collect and process that information that is reasonably needed to register you for a test (including verifying that you are eligible to take the test and verifying your identity), administer the test (including protecting the security and integrity of the testing process), process the test results, and resolve any issues that may have occurred during the testing process. 

If permitted under applicable law, we may communicate with you regarding other testing events offered by Prometric and your test sponsor.  You may opt-out of receiving these communications at any time. 

We will at all times maintain reasonable and appropriate security controls to protect your information.  We have special controls to protect any sensitive personal information (such as government issued identification numbers and biometrics) that may be collected for security and identity verification purposes.

We may disclose your personal information to your test sponsor, who will use that information in accordance with its own privacy policies.  

We may disclose your personal information to our affiliates and data processors as needed to provide the services that you and the test sponsor have requested. These entities are all contractually bound to limit use of your personal information as needed to perform only the services requested.

We will also always disclose personal information when required to do so by law, such as in response to a subpoena, including to law enforcement agencies and courts in the United States and other countries where we operate. Prometric will comply with all local privacy laws in the collection and processing of personal information, including fingerprint images.

If you are based outside of the United States, your personal information may be transferred to Prometric, test sponsors and data processers in the United States and elsewhere in the world.   Prometric will always protect the privacy and security of your personal information, regardless of where it is processed. Prometric applies the Safe Harbor principles to all data received internationally and within the United States. Personal information transfers from the European Economic Area and other countries with data transfer restrictions will be authorized by our Safe Harbor Certifications.

If you have questions about your privacy rights, please contact us via email to DataProtectionManager@prometric.com.  You can also write us at the address in the How to Contact Us section.

For more information, please read our complete Privacy Statement for Personal Information.

 

Privacy Statement for Personal Information 

This Privacy Statement explains our practices with regard to all “Personal Information” collected and used by Prometric.   This Privacy Statement is effective as of December 31, 2014. 

1. Personal Information 

“Personal Information” is any information that can be used to identify, locate or contact you.  It also includes other information that may be associated with your Personal Information.  Such information may include:

  • Personal contact details
  • Assessment details, including candidate ID number, examinations taken and when, scores related to those exams, how many times an exam or any particular section of exams have been taken
  • Credit card information;
  • Country of residence and country of citizenship
  • Photographs
  • Signature
  • Audio and Video recordings of testing sessions
  • Fingerprint images and templates for Biometric Enabled Check-In
  • Information from identification, verification, or eligibility documents
  • Transaction and Relationship Information including elements that reveal candidate test patterns, test locations, test results, and information about how Prometric websites and applications are used.
2. How Prometric Collects Personal Information

In most cases, we collect Personal Information directly from you.  We will ask you for Personal Information (including Contact Information and Sensitive Information) when you interact with us, such as registering on our website, scheduling a test or taking a test.  In some cases, we collect Personal Information from third parties.  For example, we may receive information from your test sponsor regarding your eligibility to take a test.  We also may receive other Personal Information from third party data suppliers who enhance our files and help us better understand our customers.  These third parties may use cookies, web beacons, and other similar technologies to collect or receive information from our website and elsewhere on the internet to provide us with data measurement services and target ads that address the search criteria of our customers. 

When you register or take a test, we also collect Transaction Information about you during your testing processes.  We also collect Transaction Information when you visit our website, use our applications or contact us, such as for customer service purposes.  

If you interact with us online, we use cookies and other technological tools to collect information about your computer and your use of our website and applications.  We treat this information as Personal Information when it is associated with your Contact Information.  For more information about cookies and other technologies, please see the section Cookies and Other Data Collection Technologies below. 

To help ensure the security and integrity of the testing process, we may also collect information in our test centers using technological means, such as identification document scanners, fingerprint scanners, digital cameras, and audio-video monitoring equipment.  In each case, we only use these technologies as permitted by applicable laws.  If your testing program uses a biometric enabled check in process at the test center, please click here to see our specific privacy statements for biometrics.

3. How Prometric Uses Personal Information 

Prometric uses your Personal Information to fulfill your requests for information and services, to administer testing programs securely and efficiently, and to operate our business in an appropriate manner.  For example:

Test Candidates

  • Prometric will respond to your requests for information about tests and testing opportunities, register you for tests, and provide testing services (including test scheduling and administration, security and detection of cheating, test scoring, reporting and analysis of results, and customer service) and to provide other services related to your account.  As permitted by law, Prometric may send you commercial communications and offers for additional testing or training services on behalf of your test sponsor.
  • Prometric, on behalf of Test Sponsors, will use fingerprint images solely to: (1) administer the tests and verify identity, (2) protect privacy, (3) detect and prevent fraud and misrepresentation by unauthorized candidates, (4) maintain the integrity of the testing process, (5) preserve security of test centers by detecting and preventing unauthorized access to secure areas, and (6) as required by law.

Employees (Active and Potential)

  • If you have applied for employment with Prometric, the Personal Information submitted with your job application will be used only for recruitment and other customary human resources purposes.

Business Purposes

  • We also use Personal Information as needed to manage our everyday business needs, such as payment processing and financial account management, backup purposes to facilitate business continuity, test center management, business planning, contract management, website administration, fulfillment, analytics, security and fraud prevention, corporate governance, business continuity and disaster recovery planning, auditing, reporting and compliance with any legal or regulatory obligations.
4. Why Personal Information Is Disclosed by Prometric

Prometric does not share Personal Information with third parties for their own marketing purposes.  We limit our sharing of your Personal Information as follows:

  • If you are a test candidate, we may share your Personal Information with your test sponsor, which will use and disclose your Personal Information in accordance with its own privacy policies. Prometric acts as a processor for test sponsors, who are our clients.  We send your Personal Information and test results to the test sponsor so that it can provide you with the accreditation, service, license or credential you seek.
  • We may share your Personal Information with our affiliates and authorized test centers, which may only use your Personal Information for the purposes listed above.  For example, we will provide Personal Information to the test center so that it is prepared for you on test day.
  • We may also share your Personal Information with our service providers, who are bound by law or contract to protect your Personal Information and only use your Personal Information in accordance with our instructions. 
  • We may also disclose Personal Information where needed to affect the sale or transfer of business assets, to enable payment processing, to enforce our rights, protect our property, or protect the rights, property or safety of others, or as needed to support external auditing, compliance and corporate governance functions.  We will also always disclose Personal Information when required to do so by law, such as in response to a subpoena, including to law enforcement agencies and courts in the United States and other countries where we operate.

Please note that we may also use and disclose information about you that is not personally identifiable.  For example, we may publish reports that contain aggregated and statistical data about our test candidates or website visitors  These reports do not contain any information that would enable the recipient to contact, locate or identify you.   

5. Cookies and Other Data Collection Technologies

When you visit our website or use our mobile applications, we collect certain information by automated means, using technologies such as cookies, pixel tags, browser analysis tools, server logs, web beacons, and other similar technologies to ensure that we give you the best possible experience on our website.  In many cases, the information we collect using cookies and other tools is only used in a non-identifiable way, without any reference to Personal Information.  For example, we use information we collect about all website users to optimize our websites, to understand and measure website traffic patterns, and to send target advertisements based on such patterns.  Continuing to use our website means that you agree to the use of cookies and you consent to receive other cookies that may be presented while visiting our website.

In some cases, we do associate the information we collect using cookies and other technology with your Personal Information.  This Privacy Statement governs how we use all of this information when we associate it with your Personal Information.

This section describes the types of data we collect by different technologies:

  • When you visit our website, we may place cookies on your computer. Cookies are small text files that websites send to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings in your browser.  Cookies allow us to recognize you when you return.  They also help us provide a customized experience and enable us to detect certain kinds of fraud. In many cases, you can manage cookie preferences and opt-out of having cookies and other data collection technologies used by adjusting the settings on your browser.  All browsers are different, so visit the “help” section of your browser to learn about cookie preferences and other privacy settings that may be available. 

    Our websites may use Flash Cookies (also known as Local Stored Objects) and similar technologies to personalize and enhance your online experienceThe Adobe Flash Player is an application that allows rapid development of dynamic content, such as video clips and animation.  We use Flash cookies for security purposes and to help remember settings and preferences similar to browser cookies, but these are managed through a different interface than the one provided by your web browser.  To manage Flash cookies, please see Adobe’s website at http://kb2.adobe.com/cps/526/52697ee8.html or visit www.adobe.com.  Prometric does not use Flash cookies or similar technologies to serve its own interest-based advertising.

  • Pixel tags and web beacons are tiny graphic images placed on website pages or in our emails that allow us to determine whether you have performed a specific action. When you access these pages or open or click an email, the pixel tags and web beacons generate a notice of that action.  These tools allow us to measure response to our communications and improve our web pages and promotions. 
  • Our server logs and other tools collect information from the device you use to access our website, such as your operating system type, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone where your device is located.  Our server logs also record the IP address of the device you use to connect to the Internet.  An IP address is a unique identifier that devices use to identify and communicate with each other on the Internet. We may also collect information about the website you were visiting before you came to Prometric and the website you visit after you leave our site.  Collecting IP addresses and related data is standard practice on the Internet, and we treat IP addresses as Personal Information.  We use IP addresses for purposes such as calculating website usage levels, helping diagnose server problems, administering the website and combating fraudulent and/or malicious web activity.  We also collect customary information from web browsers, such as your Media Access Control (MAC) address, device type, screen resolution, operating system version and internet browser type and version. We use this information to ensure that our websites function properly for all devices and browsers and for security purposes.

Prometric has relationships with third party advertising companies to place advertisements on its websites and to perform analytics and reporting functions for its websites. These third party advertising companies may place cookies on your computer when you visit our website or other websites so that they can display targeted advertisements to you.  We expect our third party adverting companies to use reasonable efforts to respect browser do-not-track signals by not delivering targeted advertisements to website visitors whose browsers have a do-not-track setting enabled.  Additionally, Prometric does not knowingly allow these third party advertising companies to collect Personal Information in this process, and we do not give any Personal Information to them.  However, this Privacy Statement does not cover the collection methods or use of the information collected by these vendors. For more information about third party advertising or to opt out of being targeted by many third party advertising companies, please visit the Network Advertising Initiative (NAI) at www.networkadvertising.org.  You may also visit www.aboutads.info/choices to learn about how you may opt-out of third-party collection and use of your information for ad targeting.      

6. Social Media Interactions

Prometric’s websites offer you the ability to share your content with your friends using social media, such as Facebook and Twitter.   Use of the “like” button, sharing buttons and other tools is subject to each social media platform’s privacy policies.  

Our websites also use Facebook Social Plugins.  If you are logged into Facebook while browsing on our website, Facebook Social Plugins allows Facebook to share information about your activities on our website with other Facebook users who use our website. For example, Social Plugins allows Facebook to show your Likes and comments on our pages to your friends.  Facebook Social Plugins also allows you to see your friends’ Facebook activity on our website.  Prometric does not receive or control any of the content from Facebook Social Plugins.  For more information about Facebook Social Plugins and other social media tools, click here.

Prometric may allow you to sign in to your online account using Facebook Connect. If you choose to do this, we may collect information necessary to facilitate social interactions such as friend lists, birthday, check-ins, basic profile information and your profile picture but only if the privacy settings you and your friends set within Facebook allow it. We will use the information we collect to create and facilitate an interactive social experience.  We will always comply both with the terms of this privacy statement as well as with Facebook Connect terms regarding use of Facebook profile information.

7. Tell-A-Friend Functions

Prometric offers “tell-a-friend” functionality on our websites.  If you choose to use this function, we will collect Contact Information for your friend.  We will automatically send your friend a one-time email with the information you specified or inviting him or her to visit the site.  Prometric uses this information for the sole purpose of sending this one-time email and does not retain the information.  

8. Mobile Applications

Prometric offers mobile applications that allow you to access your account, interact with us online and receive other information via your smartphone. All Personal Information collected by Prometric via our mobile applications is protected by the terms of this Privacy Statement.   

When you download our mobile applications, you may choose to allow us to obtain your precise location from your mobile device.  We use this information to customize our response to your requests.  For example, if you are searching for a test center, we can display only ones in your area and provide access to real-time maps.  We may also offer automatic ("push") notifications. We will provide push notifications only to those customers who opt-in to receive such notifications from us. You do not have to provide location information to Prometric or enable push notifications to use any of our mobile apps. If you have questions about location and notification privacy, please contact your mobile service provider or the manufacturer of you device to learn how to adjust your settings. 

Prometric also works with third parties that may collect or receive information from your mobile applications and use that information to provide measurement services and targeted advertisements.  For more information about third party advertising or to opt out of being targeted by many third party advertising companies, please visit the Network Advertising Initiative (NAI) at www.networkadvertising.org.  You may also visit www.aboutads.info/choices to learn about how you may opt-out of third-party collection and use of your information for ad targeting.   

9. Your Choices

You can always limit the information you provide to Prometric.  If you are test candidate, however, we abide by the policies of the test sponsor regarding the Personal Information that must be collected in order to take a test.  If you do not wish to provide Personal Information required by the test sponsor, you will need to contact the test sponsor to make other testing arrangements.

You can limit the communications that Prometric sends to you.  To opt-out of commercial emails, simply click the link labeled “unsubscribe” at the bottom of any email we send you. Please note that even if you opt-out of commercial emails, we may still need to contact you with important transactional information about your account. For example, even if you opt-out of emails, we may still send you testing confirmations and reminders, information about test center changes, and information about your test results.  For information on how to opt out of the collection and use of your data by third-parties for ad targeting please see Cookies and Other Data Collection Technologies.

If you have any questions about your choices or if you need any assistance with opting-out, please contact us via email to DataProtectionManager@prometric.com.  You can also write us at the address in the How to Contact Us section below.  If you send us a letter, please provide your name, address, email address, and information about the communications that you do not want to receive.

As permitted by applicable law, you may also withdraw your consent to the processing of your Personal Information.  However, if you exercise this right you may not be allowed to take any further assessments from your test sponsor and your test sponsor may refuse to distribute your exam results.  

10. Access and Correction

Prometric respects your right to access and correct your Personal Information. You may request access to and correction of your Personal Information at any time. If you have an online account, you can log into your account at any time to access and update the information you have provided to us. If you need assistance updating your Personal Information, please contact us via email to DataProtectionManager@prometric.com.  You can also write us at the address in the How to Contact Us section below.

11. Information Security

Prometric has implemented an information security program that contains administrative, technical and physical controls that are designed to safeguard your Personal Information.  For example, we use industry-standard encryption technology to secure Sensitive Information when it is being collected and transmitted over the Internet as well as firewalls, site monitoring and intrusion detection software.

12. Children’s Information

Protecting children's privacy is important to us, and our testing services are generally provided to individuals who are 18 years of age or older.  For that reason, we do not collect any Personal Information from children under 13 years of age on our websites or via our mobile apps.  Parents or guardians of children under 13 must contact us offline in order to register a child for a testing program. 

If you believe that a child has provided information to us, please contact us via email to DataProtectionManager@prometric.com so that we can delete that information.  You can also write us at the address in the How to Contact Us section below.

13. Privacy Policies of Third Parties

This Privacy Statement only addresses the use and disclosure of information by Prometric.  If you are a test candidate, we encourage you to familiarize yourself with the privacy statement provided by your test sponsor.  Test sponsors have their own privacy policies and data collection, use and disclosure practices, and we are not responsible for their practices.

14. Notices to Residents of Countries Outside the United States

Prometric is headquartered in the United States of America.  Your Personal Information may be accessed by or transferred to the United States or to our affiliates and data processors elsewhere in the world.  By providing us with your Personal Information, you consent to this transfer.  We will always protect the privacy and security of your Personal Information, regardless of where it is processed or stored.  Personal Information transfers from the European Economic Area and other countries with data transfer restrictions are authorized under our Safe Harbor Certifications or by other appropriate means. 

15. Changes to this Privacy Statement

From time to time, we may update this Privacy Statement to reflect new or different privacy practices. We will place a notice online when we make material changes to this Privacy Statement.   Additionally, if the changes will materially affect the way we use or disclose previously-collected Personal Information, we will notify you about the change by sending a notice to the primary email address associated with your account.

16. How to Contact Us

Please contact us if you have any questions or comments about our privacy practices or this Privacy Statement.  You can always reach us online at DataProtectionManager@prometric.com.  You can also reach us via mail to:
 
Data Protection Officer
Legal Department
Prometric Inc.
1501 South Clinton Street
Baltimore, Maryland 21224  USA

 

Privacy Statement for Biometrics

Where available, Prometric’s Biometric Enabled Check-In System is designed to improve the security and integrity of the testing process in a way that protects test candidate privacy.  The Biometric Enabled Check-In System converts a fingerprint image to a digital image that is used for identity verification purposes, detects and prevents fraud and misrepresentation, maintains the integrity of the testing process, and improves security of test centers.

How the Biometric Enabled Check-In System Works

To use the Biometric Enabled Check-In System, you must place your finger on a scanner in the test center.  The Biometric Enabled Check-In System equipment will capture an image of your fingerprint and create a digitized representation of your fingerprint (a “template”).  The fingerprint image and template are paired with other personal information you provide (such as your name and information from your identification documents), allowing us to identify you accurately during the testing process and over repeated testing sessions for the same test sponsor.

As you move around the test center, you will be able to use your finger to authenticate yourself at the scanners located throughout the test center, limiting the need to provide additional identification to test center workers.  

For security purposes, Prometric has arranged for all biometric data to be securely transferred to and stored by its vendor Lexis Nexis Risk Solutions.  Lexis Nexis Risk Solutions is contractually required to manage the security and confidentiality of the data, to protect it from unauthorized access, use, disclosure, or alteration, and to retain and destroy the data in accordance with applicable law. 

Purposes and Uses for Biometric Data

Biometric data is used solely to: (1) administer the tests and verify your identity on an ongoing basis as you participate in this and future assessments with your test sponsor, (2) protect your privacy by enabling you to move around the test center without having to present identification documents regularly, (3) detect and prevent fraud and misrepresentation by unauthorized candidates, (4) maintain the integrity of the testing process, (5) improve security of test centers by detecting and preventing unauthorized access to secure areas, and (6) as required by law.

Disclosures of Biometric Data

As a matter of policy, Prometric does not disclose biometric data to any third party (including test sponsors) other than its vendor Lexis Nexis Risk Solutions.  However, in the event of an investigation of cheating, unauthorized testing, or other misconduct, Prometric may disclose the biometric data to your test sponsor or to law enforcement agencies or other third parties who are investigating the security incident.  

Security and Data Retention

Prometric and its subcontractors (including LexisNexis) shall at all times protect Personal Information with operational, administrative, technical and physical security safeguards.

Unless personal data or fingerprint images are being used in connection with an active security investigation; the Test Sponsor, Prometric and/or LexisNexis on behalf of Test Sponsor shall retain candidate data collected through the Biometric Check-In System in accordance with the law in the jurisdiction in which the data was obtained, or for a maximum of five years from the date of the last Assessment or the expiration of the purpose for which your data was collected, whichever is shorter.

Other personal data collected by Prometric during the test registration, new hire, or any other administrative process, is retained by Prometric in accordance with its record retention guidelines, and may also be sent to a Test Sponsor and retained in accordance with the Test Sponsor’s record retention guidelines.

Data Processed in the United States

Prometric will comply with all local privacy laws in the collection and processing of personal data, including fingerprint images.

Data collected by Prometric is processed in Prometric’s data center in Baltimore, Maryland, in the United States or otherwise outside the country in which the Candidate takes an Assessment if the Assessment is administered outside of the United States. Fingerprint images will be stored at LexisNexis Risk Solutions in Alpharetta, Georgia in the United States.

Prometric adheres to the European Union Safe Harbor principles as set forth by the United States Department of Commerce regarding the collection, use and retention of Personal Information covered by this Privacy Policy. Prometric applies the Safe Harbor principles to all data received internationally and within the United States.

To learn more about the Safe Harbor program, and to view the Prometric and Lexis Nexis Risk Solutions’ certifications, please visit http://www.export.gov/safeharbor/.

Individual Rights

You may at any time:

  • request access to and correction of your Personal Information;
  • make any inquiries, requests or complaints in relation to the use of your Personal Information;
  • withdraw your consent to the processing of your personal data (including fingerprint data)*

In each case, you should direct you request, inquiry or complaint to Prometric’s Privacy Team:

Data Protection Officer
Legal Department
Prometric Inc.
1501 South Clinton Street
Baltimore, Maryland 21224 USA
Or via email to: DataProtectionManager@prometric.com;

Consent 

I acknowledge that by checking the appropriate box stating “I consent” (if registering online) or by completing the Test Sponsor’s and/or Prometric’s Registration and Scheduling processes (if registering by telephone) that I have expressly consented to the processing of my personal data, fingerprint images, and assessment results, and that such consent is binding upon me until and unless I affirmatively withdraw that consent.

I understand that failing to check the “I consent“box (if registering online) or affirmatively withdrawing my consent (if registering by telephone) will not prevent me from completing the registration and scheduling process, and that if I fail to consent through either of these processes that I will be given another opportunity to consent to the collection and processing of my personal data, fingerprint images, and assessment results on the day of my Assessment. *I understand that on the day of the Assessment if I exercise my right not to consent, or withdraw my prior consent, to the collection and processing of my personal data, fingerprint images, and assessment results, that depending on the laws of the jurisdiction in which I am taking my Assessment, my Test Sponsor may direct Prometric to not allow me to take the Assessment, or I may be required to contact the Test Sponsor to make other arrangements to take the Test Sponsor’s Assessments.

California Privacy Rights

California Civil Code Section 1798 allows California residents to ask companies with whom they have an established business relationship to provide certain information about the companies’ sharing of personal information with third parties for direct marketing purposes.

Prometric does not share any California consumer personal information with third parties for marketing purposes without consent.

If you are a test candidate, Prometric will provide your personal information to your test sponsor, who may use the information in accordance with its own privacy policies.   

California residents who wish to request further information about our compliance with this law or have questions or concerns about our privacy practices may contact us at DataProtectionManager@prometric.com

You can also reach us via mail to:
Data Protection Officer
Legal Department
Prometric Inc.
1501 South Clinton Street
Baltimore, Maryland 21224  USA

U.S. Social Security Number Protection Policy Statement

Prometric collects Social Security numbers and other sensitive personal information in the ordinary course of its business. Prometric has implemented reasonable technical, physical and administrative safeguards to help protect the Social Security numbers and other sensitive personal information from unlawful use and unauthorized disclosure.  Prometric associates and contractors are required to follow these established procedures, both online and offline.

Access to Social Security numbers is limited to those employees and contractors who have a need to access the information to perform tasks for Prometric. Social Security numbers are only disclosed to third parties in accordance with Prometric’s established policies. Prometric will only disclose Social Security numbers to those service providers, auditors, advisors, and/or successors-in-interest who are legally or contractually obligated to protect them or as required or permitted by law.

​​

AVAILABLE TO ASSIST

Prometric representatives are always available to assist.