Privacy Policy

Welcome to Prometric. We are passionate about creating innovative solutions that empower test takers everywhere to meet and exceed their professional and educational goals.  These Terms and Conditions of Use are the rules of the road - designed to create a positive, law-abiding, ethical community of our users. By using Prometric’s services and solutions you are agreeing to all the terms below.

Terms and Conditions of Use

Welcome to Prometric. We are passionate about creating innovative solutions that empower test takers everywhere to meet and exceed their professional and educational goals.  These Terms and Conditions of Use are the rules of the road - designed to create a positive, law-abiding, ethical community of our users. By using Prometric’s services and solutions you are agreeing to all the terms below.

CONDITIONS OF USE

Prometric LLC and its affiliates ("Prometric") provide this website, test services and solutions (“Services”) expressly subject to the following terms and conditions set forth below ("Terms") provided, however, that other terms of use shall apply with respect to Prometric's affiliates' websites, as specified on each such website. Any use by you of this website or the Services constitutes your agreement to abide by the Terms. We reserve the right to amend or change the Terms at any time by posting the amended terms on this site, and it is your responsibility to ensure that you are aware of the most up-to-date Terms.  Prometric complies with all applicable laws in the jurisdictions where we deliver Services and, as such, if a particular Term herein has the effect of violating a local law in the jurisdiction where individual(s) reside and/or utilize (as applicable) the Services, such Term does not apply to such individual(s).  You agree to use this site only for lawful purposes, and agree not to take any action that might compromise the security or accessibility of the site.       

LICENSE AND SITE ACCESS

Prometric grants you a limited, revocable, non-transferable and non-exclusive license to access and use this site and the Prometric Services for your own personal, non-commercial purposes, subject to the Terms. This site and the Prometric Services and/or Content may not be reproduced, duplicated, copied, downloaded, sold, resold, modified, reverse engineered, used to create derivative works, assigned, sub-licensed, granted as a security interest, transferred or otherwise exploited for any commercial purpose without the express written consent of Prometric. You may not frame or utilize framing techniques to enclose any trademark, logo or other proprietary information (including images, text, page layout and form) of Prometric and/or its affiliates, or use any meta tags or any other "hidden text" utilizing Prometrics 's name or Marks without the express written consent of Prometric. Any unauthorized use terminates the limited license granted by Prometric.

PRIVACY

Please review our full Privacy Policy located by clicking on the Privacy tab which governs your use of our website(s).  You acknowledge and agree to the collection and use of your Personal Data in accordance with the Privacy Policy.   

ELECTRONIC COMMUNICATIONS

When you visit prometric.com or send e-mails to us, you are communicating with us electronically. You consent to receive communications from us electronically. We will communicate with you by e-mail or by posting notices on this site. You agree that all agreements, notices, disclosures and other communications that we provide to you electronically satisfy any legal requirement that such communications be in writing.

COPYRIGHT & TRADEMARKS

All content provided on this site is owned by or licensed to Prometric and/or its affiliates (the "Prometric Content") and protected by United States and international intellectual property laws. Prometric and its licensors retain all proprietary rights to the Prometric Content, and you acknowledge and agree that all such Prometric Content is the property of Prometric and/or its licensors. Prometric Content may not be reproduced, copied, transmitted, distributed, downloaded or used without the prior written consent of Prometric.

ACCOUNT CREATION

If you create an account on this website you agree to accept responsibility for all activities that occur under your account and you shall be solely responsible for maintaining the confidentiality of your login and password information and for restricting access to your account.  Minors under the age of 18 may only create an account with the approval of a legal guardian.  Prometric reserves the right to refuse Services, terminate an account, remove or edit content, and cancel Services in our sole discretion. 

DISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITY

THIS SITE IS PROVIDED BY PROMETRIC ON AN "AS IS" AND "AS AVAILABLE" BASIS. PROMETRIC MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OR AVAILABILITY OF THIS SITE, OR THE INFORMATION, CONTENT OR MATERIALS INCLUDED ON THIS SITE. YOU EXPRESSLY AGREE THAT YOUR USE OF THIS SITE IS AT YOUR SOLE RISK, AND THAT PROMETRIC IS NOT RESPONSIBLE FOR ANY DAMAGE TO DATA, SOFTWARE, COMPUTER AND/OR TELECOMMUNICTIONS EQUIPMENT INCLUDING DAMAGE CAUSED BY A VIRUS THAT YOU MAY EXPERIENCE AS A RESULT OF VISITING THIS WEBSITE.

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, PROMETRIC DISCLAIMS ALL WARRANTIES, EXPRESS AND IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. PROMETRIC WILL NOT BE LIABLE FOR ANY DAMAGES OF ANY KIND ARISING FROM THE USE OF THIS SITE, INCLUDING, BUT NOT LIMITED TO, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL AND PUNITIVE DAMAGES. 

Notwithstanding anything contained in these Terms, in no event shall Prometric be liable to you for losses, damages, liabilities, claims and expenses (including but not limited to legal costs and defense or settlement costs) whatsoever, arising out of, or related to, use of or the inability to use this website or the Services.  Prometric’s sole liability for a breach of a condition or warranty implied by law or otherwise, and which cannot be excluded, is limited to either re-performance of the Services or the monetary equivalent of the Services, in Prometric’s sole discretion. 

GOVERNING LAW

Residents of the United States or any non-European Union country:  These Terms shall be governed by and construed in accordance with the laws of the State of Maryland and controlling U.S. federal law as applicable, without regard to its conflict of law principles. 

If you are a resident of the European Union: These Terms shall be governed by and construed in accordance with the laws of Ireland, without regard to its conflict of law principles. 

THIRD PARTY WEBSITES

Any links provided to third party websites are supplied merely as a convenience and are not under the control of or the responsibility of Prometric. 

SEVERABILITY

If a provision of these Terms is found to be invalid, illegal or unenforceable it shall be severed without affecting the remainder of the Terms which shall continue to be valid and enforceable.

Prometric LLC maintains the highest ethical standards in conducting company affairs and in our relationships with customers, suppliers, employees, advisors and the communities in which our operations are located. The Prometric Code of Business Conduct and Ethics affirms our strong commitment to the highest standards of legal and ethical conduct in our business practices.  Our Code applies to all officers, directors and employees of Prometric and its subsidiaries on a global basis, no matter where an employee works. We also expect that those with whom we do business will adhere to the standards set forth in our Code.

To avoid conflicts of interest, we encourage all of our employees to identify any potential conflicts when they arise and notify their manager, Human Resources, or our Legal Department if they are unsure whether a relationship or transaction poses a conflict. Additionally, employees can report all ethics concerns or violations to our code of ethics hotline at 1-888-763-0136.  All issues and concerns will be investigated by the company.

Prometric Privacy Policy

 

Last update: September 2023
 

General information

Prometric LLC is a Delaware, USA, limited liability company with its principal place of business located at 1501 South Clinton Street, Baltimore, Maryland 21224 USA (hereafter, “Company”, “us” or “we”). Prometric may act as the data controller or as data processor depending its relationship to the data subject.

This Privacy Policy (“Policy”) has been drafted and implemented in accordance with the principles set forth herein, to describe our practices regarding the collection and processing of Personal Data about test candidates, clients, contractors and partners. Prometric pays particular attention to the respect of privacy and Personal Data and is committed to complying with this Policy and in accordance with Applicable Law.

In particular, the Company is committed to complying with all data protection laws where the company operates, including:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”);
  • The California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020 (“CPPA”);
  • The Personal Information Protection Law of the People's Republic of China (“PIPL”);
  • Other relevant data protection regulations where the Company operates.

“Applicable Law” refers to the relevant country data protection law or applicable regulation relating to data protection.

“Personal Data” means any information relating to an identified or identifiable natural person.

“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

  1. What types of Personal Data do we collect?

Prometric collects the following Personal Data depending on your relationship to the Company and Applicable Law:

  • Contact details including name, address, telephone number, country-specific identification number, email address, login and password information
  • Date of birth
  • Gender
  • Candidate test scheduling details
  • Test assessment details, including test candidate ID number, examinations taken and when, scores related to those exams, how many times an exam or any particular section of exams have been taken
  • Social Security numbers where required by test sponsor for candidates (US)
  • Payment and financial institution information
  • Residence and country of citizenship
  • Photograph
  • Signature
  • Video recordings
  • Audio recordings (as permissible by law and only in specific jurisdictions)
  • Information from identification, verification, or eligibility documents
  • Transaction and Relationship Information including elements that reveal candidate test patterns, test locations, test results, and information about how Prometric websites and applications are used.  

In addition, Prometric may process special categories of Personal Data, as permitted by Applicable Law, that may include:

  • Biometrics (fingerprint images and templates, facial images and templates)
  • Health information or medical data related to test candidates’ requests for testing accommodations
  • Race or ethnicity, as permitted by Applicable Law

  1. How do we collect your Personal Data?

In most cases Prometric collects such Personal Data directly from the individual data subject.

However, in other cases we may receive information from test sponsors or from third party data suppliers to help us better understand our customers. When a candidate visits Prometric’s website, registers or takes an exam, uses our applications, or contacts us we also collect transaction information for customer service purposes.

All Personal Data collected by Prometric via our mobile applications is protected and processed according to the terms of this Policy.  We also offer automatic ("push") notifications only to those who opt-in to receive such notifications from us. No individual is required to provide location information to Prometric or to enable push notifications to use any of our mobile aware applications.

Collection of Biometric Data

Biometric Enabled Check-In System and Prometric’s remote proctoring platform (known as ProProctor) are designed to improve the security and integrity of the testing process in a way that protects test candidate privacy while confirming test candidate identity. These technologies are used for identity verification purposes, to detect and prevent fraud and misrepresentation, to maintain the integrity of the testing process, and improve the security of test centers and remotely-proctored exams.

  1. Why do we collect your Personal Data?

On behalf of our test sponsors, Prometric collects your Personal Data for the purposes of:

  • Scheduling test examinations
  • Verifying identity
  • Administering tests and payments
  • Managing customer service requests
  • Detecting and preventing fraud and misrepresentation by unauthorized candidates
  • Conducting data analytics to maintain the integrity of the testing process
  • Reporting test results to candidate and test sponsor
  • Conducting marketing activities, subject to Applicable Law

For suppliers and other third parties, Prometric collects your Personal Data for the following purposes:

  • Supplier management and administration
  • Invoice processing
  • Know-your-supplier due diligence and other legal requirements

  1. What are the legal bases of processing your Personal Data?

Personal Data is generally collected and processed according to the following legal bases:

  • Your consent for the collection and processing of special categories of Personal Data.
  • Your consent if required by Applicable Law for cross-border data transfers.
  • The performance of a contract which include registering and scheduling for a test, administering that test, fraud prevention and processing of the results.
  • For legitimate business purposes such as invoice processing and financial account management, backup purposes to facilitate business continuity, test center management, business planning, contract management, improvement of testing services provided to our customers, proposing related services and products to existing test candidates, website administration, fulfillment, analytics, security and fraud prevention, corporate governance, disaster recovery planning, auditing, and reporting
  • Compliance with any legal or regulatory obligations.

  1. Disclosure of Personal Data

Personal Data may be shared with other Company affiliates, government agencies or third parties for legitimate business reasons related to the services provided or as otherwise allowed or required by Applicable Law.

The Company may share Personal Data:

  • Within our group such as subsidiaries
  • With our affiliates and authorized test centers
  • With business partners such as test sponsors and service providers to facilitate requests and improve our services
  • With government authorities and public authorities when necessary or required by the authority

Biometric data may be disclosed to a third party only:

  • For an investigation related to alleged misconduct solely for the purposes of an investigation of cheating, unauthorized testing, or other test candidate misconduct. 
  • In relation to lawful requests by regulatory, legal or government agencies with jurisdiction and/or authority to make such requests.   

We execute contracts as required by Applicable Law with our third-parties to ensure that Personal Data is processed in compliance with this Policy and any other appropriate confidentiality and security measures.

  1. How do we store your Personal Data?

Depending on the nature of your relationship with Prometric and per Applicable Law, we store your Personal Data at our secure Oracle cloud infrastructure with servers located in Ashburn, Virginia, United States.

Prometric follows a comprehensive Records Management Program and related retention schedule that it adheres to for the purposes of retention, storage and destruction of all records created in the course of its business including those containing Personal Data.  We also deploy a Data Management strategy that segregates data based on regionally located data servers. 

Subject to Applicable Law, our Company will keep your Personal Data for the duration of the processing, for the lesser period of:

  • five (5) years from the date of the last service, test or assessment; or
  • the expiration of the purpose for which the Personal Data was collected; or
  • the laws of the applicable jurisdiction where the Personal Data was collected. 

Prometric will not keep Personal Data longer than necessary for the above-mentioned purposes. However, Prometric may retain Personal Data longer if necessary to comply with Applicable Law or if necessary to protect or exercise its rights.

Storing of Biometric Data

All biometric data collected in computer-based test centers is securely transferred to and securely stored within Prometric’s secure data center in the European Union and is retained according to Applicable Law in the jurisdiction where it was collected.  Biometric data is stored and secured in Microsoft Azure for a period of thirty (30) days. 

  1. Transfers of Personal Data

In some cases, the use of third parties may involve the transfer of Personal Data to other countries. Our business processes often require the transfer of Personal Data between the Company and its affiliated entities internationally. 

If Personal Data is processed within the EU/ EEA, and in the event Personal Data is disclosed to third parties or in a country not considered as providing a sufficient level of protection according to Applicable Law then the Company will ensure:

  • The implementation of standard contractual clauses as may be approved by the EU Commission;
  • The adoption of appropriate organizational, technical and legal safeguards to govern the said transfer and to ensure the necessary and adequate level of protection under Applicable Law.
  • If necessary, will evaluate the circumstances of the transfer and the legislation of the third country, and if required, complete a data transfer impact assessment to determine if supplemental measures are required to be implemented.

For Personal Data not processed within the EU/EEA, and in the event Personal Data are disclosed to third parties located outside the data subject’s jurisdiction, the Company will ensure that necessary safeguards are in place to protect Personal Data by implementing appropriate legal mechanisms including, as relevant, standard contractual clauses and / or obtaining appropriate consent from data subjects. Those mechanisms may differ depending on the country and relevant Applicable Law.

  1. What are your rights?

Depending on the jurisdiction and Applicable Law, you may have the following rights related to your Personal Data:

  • Right to access
  • Right of rectification
  • Right to erasure
  • Right to restrict processing
  • Right to object to processing
  • Right to data portability
  • Right to decide how your Personal Data is used posthumously

The exercise of such rights is subject to limitations provided by Applicable Law and relevant guidance from Supervisory Authorities.

To exercise your rights, the data subject may contact the Company as described in the section “How to contact us.” We may ask proof of identity in order to respond to the request. If we can’t satisfy your request (refusal or limitation) then we will justify our decision in writing.

California Privacy Rights

California Civil Code Section 1798 allows California residents to ask companies with whom they have an established business relationship to provide certain information about the companies’ sharing of Personal Data with third parties for direct marketing purposes.  Prometric does not share any California consumer Personal Data with third parties for marketing purposes without consent.  If you are a test candidate, Prometric will provide your Personal Data to your test sponsor, who may use the information in accordance with its own privacy policies.      

  1. How do we protect your Personal Data?

Prometric implements a variety of security measures, such as technical, physical and administrative safeguards in order to protect all Personal Data from security incidents or unauthorized disclosure, and more generally from a Personal Data Breach. These security measures are recognized as appropriate security standards in the industry and include, inter alia, access controls, password, encryption, strict time limits for erasure, logging mechanisms and regular security assessments.

In the event of a Personal Data Breach potentially impacting your personal data, Prometric follows its Incident Response Plan and will promptly take appropriate action to mitigate the risks to data subjects.  Such measures may include notifying the appropriate Supervisory Authority and the impacted data subjects, while providing the relevant details of the incident and mitigation measures as may be mandated under Applicable Law (i.e. GDPR or PIPL).

Prometric's Information Security Program is reviewed several times annually by multiple third-party organizations to ensure it meets or exceeds the highest benchmarks available for security and data privacy and protection. In addition, employees and contractors are obligated to promptly report any known or suspected instance of misuse, loss or unauthorized access.

  1. Processing of Personal Data under the People’s Republic of China Personal Information Protection Law (‘PIPL’)

This section applies when Personal Data is located within the borders of the People’s Republic of China (PRC) or when Personal Data is processed by one of our companies located in the PRC.

In accordance with Article 13 of the PIPL, Personal Data may be collected for the following purposes:

  • Based on an individuals’ consent;
  • For the performance of contracts, for legitimate business interests;
  • To fulfill statutory duties and responsibilities or statutory obligations;
  • To process publicly available data;
  • To meet legal requirements.

Following the requirements set out under Article 23 of PIPL and the contents mentioned under Section 4, the transfer and sharing of your Personal Data to a third party will not be made without (1) your specific consent if applicable, or (2) to fulfill the statutory duties under Applicable Law.

Based on the purposes prescribed in this Policy, Personal Data may be transferred to a country or region outside your residence for Processing. At such time, the Company will protect the security of the Personal Data in accordance with Applicable Law, including but not limited to implementing access controls, passwords, encryption standards, strict time limits for retention periods, logging mechanisms and regular security assessments.

The Company will fully inform you of the cross-border data transfer in accordance with Article 39 of PIPL prior to transferring your Personal Data outside the PRC and will obtain your consent, informing you of the following: the name of the outbound receiver, the contact information, the purpose of the Processing, the method of Processing, the type of Personal Data, and remind you of the methods and procedures by which you can exercise your rights under the PIPL. We will request your explicit and separate consent to do this.

As may be required, the Company will carry out a cross-border data transfer risk assessment in accordance with Applicable Law if Personal Data is transferred outside of the PRC.

Under PIPL, Sensitive Personal Data is defined as Personal Data that, once leaked or illegally used, may easily cause harm to the dignity of natural persons grave harm to personal or property security, including information on biometric characteristics, religious beliefs, specially-designated status, medical health, financial accounts, individual location tracking, etc., as well as the Personal Data of minors under the age of 14.

In line with the PIPL and as detailed in Section 2, the processing of Sensitive Personal Data is subject to the separate consent of the individual and is conducted for a specific business-related purpose.

Prometric will not collect Personal Data from minors under the age of 14 without the separate consent of the parent or other guardian. We will only use or disclose Personal Data about a child to the extent permitted by law, pursuant to applicable laws and regulations, to seek parental consent or to protect a child.

In the event of a Personal Data Breach, Prometric shall bear civil liabilities to the data subject if it infringes the rights of the data subject’s personal data, without prejudice to the administrative, criminal or other legal liabilities that shall be assumed by the Data Controller under the PIPL.

  1. Changes to Privacy Policy

The Company may need to update its Policy in order to comply with new or different privacy practices. An updated version of this policy will be made available via an appropriate channel and will apply to data collected subsequent to its effective date.

  1. How to Contact Us

For any inquiries, comments or concerns about this Policy, or in order to exercise the privacy rights permitted to Applicable Law related to Personal Data, please contact our Data Protection Officer at the following address: joseph.srouji@contractor.prometric.com

You can also submit a request related to your personal data by clicking on the following link and complete all of the required fields in the form: Personal Data Requests

You may also reach us via mail at:

Prometric Privacy Program Manager
Prometric LLC, 1501 South Clinton Street
Baltimore, Maryland 21224 USA

After exhausting Prometric’s internal complaint process, if an exam candidate is not satisfied with the resolution, he or she may file a complaint with the Better Business Bureau of Greater Maryland (“BBB”), an alternative dispute resolution provider based in the United States. 

BBB Website:  http://www.bbb.org/greater-maryland/

BBB Telephone:  410-347-3990

BBB Fax:  410-347-3936

Data subjects also have the right to file a complaint directly with the competent Supervisory Authority in their relevant jurisdiction or may take legal action per Applicable Law.

Change Cookie Settings
Cookie Settings