ExamOnline GDPR Compliance
Our Commitment to Deliver Uncompromising Security and Transparency in Data Handling.
ExamOnline recognizes the paramount importance of data privacy in the contemporary digital landscape. We are steadfastly committed to adhering to the stringent mandates of the General Data Protection Regulation (GDPR), ensuring the confidentiality, integrity, and availability of personal data entrusted to us. This page elucidates our comprehensive approach to GDPR compliance, underscoring our dedication to transparency, accountability, and the safeguarding of individual rights.
Understanding the GDPR Framework
ExamOnline as a GDPR Data Processor
What is Data Mapping?
Data mapping is the process of visually documenting the journey of personal data within an organization, from collection to deletion. It involves identifying, categorizing, and documenting each step in the data lifecycle, creating a ‘roadmap’ of how data flows. This process is crucial for understanding data processing activities, identifying potential risks, and implementing necessary safeguards for GDPR compliance.
Our GDPR Compliance Approach
ExamOnline’s commitment to GDPR compliance is multifaceted, encompassing the following key tenets:
- Transparent Data Governance: We maintain a readily accessible and comprehensive privacy policy that articulates the types of data we collect, the rationale for collection, the methodologies of utilization, and the inherent rights afforded to data subjects. We champion open communication and strive to maintain transparency in all our data processing activities (see ExamOnline’s Data Privacy policy).
- Data Minimization: We adhere rigorously to the principle of data minimization, collecting only the personal data that is strictly necessary for the effective administration of online assessments. We eschew the collection of superfluous or excessive information, ensuring that data collection is proportionate to the intended purpose.
- Purpose Limitation: The personal data we collect is exclusively utilized for the facilitation of online assessments and associated services. We categorically refrain from employing data for any extraneous purposes without explicit, informed consent.
- Explicit Consent: Where mandated, we implement robust mechanisms for obtaining explicit, unambiguous consent from test-takers prior to the collection of any personal data. This ensures that individuals are fully apprised of and willingly consent to the data processing activities.
- Robust Data Security: We employ a multi-layered security architecture to protect personal data against unauthorized access, use, alteration, disclosure, or destruction. Personal data is encrypted both in transit and at rest, and we conduct regular security audits and penetration testing to proactively identify and mitigate vulnerabilities. Our infrastructure is hosted in Tier IV data centers, and we enforce stringent access control policies so that personal data is accessible only to authorized personnel with a business need.
- Data Retention: We recognize the importance of limiting data retention to the necessary duration. We collaborate closely with our clients to establish appropriate data retention schedules and implement automated data deletion mechanisms in accordance with GDPR stipulations. We provide granular control over retention policies to accommodate diverse client requirements.
- Data Subject Rights: We are committed to upholding the full spectrum of data subject rights, including the rights of access, rectification, erasure (“right to be forgotten”), restriction of processing, and data portability. While we function as a Data Processor, we will expeditiously forward any such requests received to our clients (the Data Controllers) for prompt review and action. Information on Exercising Data Subject Rights: To exercise any of these rights, please contact us at [email protected] with a detailed description of your request.
- Data Breach Response: In the unlikely event of a personal data breach, we have a documented incident response plan in place. As a Data Processor, we will notify the affected clients (the Data Controllers) without undue delay after becoming aware of the breach, as GDPR requires of processors, and we will provide the information they need to meet their own obligation to notify the supervisory authority within 72 hours.
- Vendor Due Diligence: When engaging third-party vendors to support our service delivery, we conduct rigorous due diligence to ensure their GDPR compliance and adherence to our stringent data privacy standards. We execute Data Processing Agreements with all vendors to delineate responsibilities and ensure accountability.
- Continuous Monitoring: We maintain a program of continuous monitoring and enhancement of our data protection policies and procedures to remain aligned with evolving best practices and regulatory requirements. Data privacy is an ongoing commitment, and we strive for perpetual improvement in our compliance posture. This document will be regularly reviewed and updated to reflect any changes.
Data Inventory
We maintain a comprehensive inventory of the personal data we process, including:
- Categories of Personal Data: This includes data such as names, email addresses, IP addresses, assessment scores, and other information necessary for conducting online assessments.
- Purposes of Processing: Data is processed for purposes such as identity verification, assessment delivery, performance evaluation, and reporting.
- Retention Periods: Data is retained only for as long as necessary for the specified purpose, and in accordance with agreements with our clients.
- Lawful Bases for Processing: Processing rests on lawful grounds such as consent, contractual necessity, or legitimate interests; as a Data Processor, we process personal data on the documented instructions of our clients, who determine the applicable lawful basis as Data Controllers.
Challenges of Data Mapping
We acknowledge that data mapping can be complex due to factors such as:
- Data Complexity: Organizations often have intricate data ecosystems with various systems and databases.
- Third-Party Involvement: Data flows may involve third-party vendors, requiring careful coordination and oversight.
- Evolving Data Ecosystems: Changes in technology and business processes can necessitate frequent updates to data maps.
Benefits of Exceeding Minimum Requirements
While GDPR sets a baseline, we believe in going beyond the minimum. This demonstrates a strong commitment to data protection, builds trust with our clients and their test-takers, and can provide a competitive advantage. It also strengthens our overall data security posture and mitigates potential risks.
Contact Information
For any inquiries regarding GDPR compliance or data protection at ExamOnline, please contact us at [email protected] or call us at +91 89290 13490.