Privacy Policy

DigiExam Solutions US Inc. and DigiExam Solutions Sweden AB (together, "Digiexam", "we", "us", "our") know that our users ("you", "your") care about how your personal information ("Personal Data") is used and shared, and we take your privacy seriously.

We are transparent about the type of Personal Data we collect and provide clear information about how we use it. We have taken proper measures to follow applicable data protection laws and regulations and will cooperate with the authorities when required. In the absence of data protection legislation, we act in accordance with accepted data protection principles.

This Privacy Policy describes the types of Personal Data we collect when you use our services or visit our website, why and how we use that data, what security measures we take, how long we retain it, and with whom we share it. It also explains your privacy rights and options. By visiting this website or using the Digiexam Services, you acknowledge our collection and use of your Personal Data as described in this Privacy Policy.

This policy is divided into three parts. Part A covers data we process when you use the Digiexam Services. Part B covers data we collect when you visit our website, including cookies, advertising, and marketing. Part C covers general provisions that apply to all users, including data security, your rights, and how to contact us.

Note for Students and Teachers

This Privacy Policy does not govern the collection, use, or disclosure of Personal Data through the use of the Digiexam Services by the educational institution that has given you access to them. Please contact your institution to better understand its privacy practices as a data controller. Digiexam retains Personal Data processed on behalf of organizations for as long as needed to provide services and as necessary to comply with legal obligations, resolve disputes, and enforce agreements as a data processor.

What This Policy Covers

This Privacy Policy explains Digiexam's treatment and processing of Personal Data that Digiexam gathers when you access or use our website or the Digiexam Services. In this policy, "Digiexam Services" means the Digiexam Exam Platform and Digiexam Lockdown products, together with the related services used to provide, operate, support, secure, and improve them.

"Processing" refers to any operation performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, alignment, restriction, erasure, or destruction.

Part A: For Users of the Digiexam Services

This section applies to students, teachers, administrators, and other users who access the Digiexam Exam Platform or Digiexam Lockdown through an educational institution.

Types and Purpose for Personal Data Collection

Data You Provide to Us

We receive and store Personal Data you actively provide to us. The Personal Data required to register or log in to the Digiexam Services is your full name and email address. Student codes may be collected and used by schools to identify students. Depending on a school's policy, those codes can consist of an email address, personal identity number, or the first letters in the student's first and last name.

Additional information used by an organization to identify students is not required, but it may still qualify as Personal Data related to an individual. We may also ask for extra Personal Data to enhance your profile, such as communication preferences, job title, or employer. Any such data is voluntary.

Sensitive Personal Data relating to an individual's neuropsychological variation may be collected when an educational institution requests accommodation settings within the Digiexam Services. This data is classified as special category data under GDPR Article 9 and is only processed on the basis of explicit consent or where necessary to meet obligations in the field of education. Digiexam applies additional safeguards to this data, including strict access controls and purpose limitation.

You can choose not to provide certain Personal Data, but this may affect your ability to use some elements or features of the Digiexam Services. In certain situations, such as data analytics, we anonymize Personal Data so that you cannot be individually identified either directly or indirectly.

Data Collected Automatically

Whenever you interact with the Digiexam Services, we automatically receive and record data on our servers relating to your device's properties. We define this as log data. Log data may include your device's IP address, type and version of operating system, and local time on your device. A client application hash is also collected to help identify a student's device when a computer error has occurred.

Purpose for the Use of Your Personal Data and the Legal Basis

We use the data we receive from you to provide and maintain the Digiexam Services on behalf of our customers, fulfill our obligations as a data processor, respond to your requests, and improve security, functionality, and reliability.

In particular, we use your Personal Data to:

1. create and maintain your account
2. identify you as a user in our system
3. operate, maintain, secure, and improve our services
4. personalize and improve your experience
5. send administrative emails
6. respond to your comments or inquiries

We may also use general data that does not contain Personal Data for internal purposes such as monitoring overall usage trends, metrics, and page views.

Communication

We may contact you by email or other means regarding service-related matters such as administrative notices, security alerts, legal notices, or changes to our terms. These communications are necessary for the operation and use of the Digiexam Services.

We also use Intercom to provide in-app customer support within the Digiexam Services. If you contact support through the services, Intercom may process information such as your name, email address, account details, and the content of your messages so we can help respond to your request and provide support.

Personal Data Retention (Service Users)

Personal Data is never stored longer than necessary for the purposes described above. The criteria for determining the retention period are based on our agreement with your educational institution, legal obligations we must follow, and our legitimate interest in managing the Digiexam Services and related user issues. The same Personal Data can be stored in different locations for different purposes, and it is only accessible by authorized personnel.

In general, we retain Personal Data for as long as your account is active or as needed to provide the Digiexam Services. You may request deletion of your account by contacting privacy@digiexam.com. Personal Data will then be deleted from our database or de-identified when the account is closed.

We store Personal Data according to the user's license requirement or delete the account upon request. Database backups are performed daily and stored for up to 90 days. Log data is stored for up to 180 days. Student data is generally kept during the active contract period, or for the minimum duration required for licensing compliance per customer request within the active contract period. We may also anonymize certain parts of the Personal Data if we need to retain it longer without identifying you.

Part B: For Visitors of Our Website

This section applies to visitors of our website, including prospective customers and anyone browsing digiexam.com. It is separate from the data we process on behalf of educational institutions for their students and staff.

Cookies and Tracking Technologies

When interacting with our website, certain information is provided to us from your browser via cookies. Cookies are identifiers, files, or pieces of information transferred to the computer or mobile device you are using that allow us to recognize your browser and understand how and when you visit pages on our website.

Cookies may provide information about browser type, how you navigate our website, and other tracking statistics. Some of this information may constitute Personal Data to the extent it can be traced back to an individual. We use this information to monitor and analyze the use of our website, increase its functionality and user-friendliness, and better tailor it to your needs.

Most web browsers accept cookies by default and offer their own management tools for removing or limiting them. You may be able to change the preferences on your browser or device to delete, prevent, or limit cookies, though this may affect the functionality of our website.

The legal basis for processing your data through cookies and tracking pixels is your consent, which you provide through our cookie consent banner, powered by Cookiebot, when you first visit our website. You can withdraw or update your consent at any time via the cookie settings available on our website. Please refer to Digiexam's cookie policy for details about the types of cookies used.

Our website includes social media features, and these features may collect your IP address, information about which page you are visiting, and may set a cookie to enable the feature to function as intended. Interactions with features hosted by a third party are governed by that provider's privacy statement.

We also embed third-party videos and interactive product demos on parts of our website. When you load or interact with these features, providers such as Vidyard and Storylane may process technical data such as your IP address, browser and device information, and interaction data in order to deliver the content and measure engagement.

Digiexam uses analytics services to help understand how users interact with our website. These services use cookies and scripts to collect and store data such as user interaction, errors users encounter, device identifiers, frequency of site visits, what pages are visited, and what other sites were used before coming to our website. You may opt out of tracking certain information collected by Google Analytics on our website.

Marketing and Remarketing

When you visit our website, we may collect data about your visit through cookies, tracking pixels, and similar technologies. We use this data for the following purposes:

• measuring website traffic and understanding how visitors use our site
• showing you relevant Digiexam advertisements on other platforms after you have visited our website
• measuring the effectiveness of our advertising campaigns
• following up with prospective customers who contact us or submit a form

Advertising and Remarketing Platforms

To deliver relevant advertising and measure campaign performance, we use the following third-party platforms. Each may set cookies or use device identifiers to recognize your browser across sessions and platforms.

• Google Ads: We use Google Ads for search and display advertising, including remarketing to past website visitors. Google may use cookies to show you Digiexam ads across Google's network. You can manage your Google ad preferences at adssettings.google.com.
• Meta (Facebook & Instagram): We use the Meta Pixel to track conversions and build advertising audiences on Facebook and Instagram. Meta may match your browser data with your Facebook profile. You can manage your ad preferences in your Facebook ad settings.
• LinkedIn: We use the LinkedIn Insight Tag to track conversions and enable remarketing to website visitors on LinkedIn. LinkedIn may match your browser data with your LinkedIn profile. You can opt out in your LinkedIn privacy settings.

Embedded Media and Interactive Demos

Some pages on our website include embedded videos and interactive product demos from third-party providers such as Vidyard and Storylane. These providers may receive technical information such as your IP address, browser details, device data, and information about how you interact with the embedded content.

Digiexam CRM, Lead Data and Data Enrichment

If you contact us or submit a form on our website, we store the information you provide in our customer relationship management service, Digiexam CRM. Depending on the form, this may include contact details such as your name and work email address, organization details such as your school or organization name and job title, product-interest details such as your learning management system, productivity suite, number of students, device types, and how you heard about Digiexam, as well as any support notes you submit. We use this data to respond to your inquiry and for sales and marketing follow-up.

In some onboarding flows, we may first store only your work email address before the rest of the form is completed.

We also derive and store limited CRM metadata server-side, such as the country inferred from your business email domain, the source or form submitted, a default lead status, and internal lead-management flags such as whether an organization is an existing customer or has started a trial.

Newsletters and Marketing Emails

If you subscribe to our newsletter, we use your name and email address to send it to you. We also have a legitimate interest in communicating with prospective customers and may contact you by email or other means about products, services, and events we believe are relevant to you.

Where permitted by law and, where required, with your consent, we may also send surveys, product and service updates, and other promotional communications to website visitors and prospective customers. We may also contact you to request feedback and use limited contact data to protect against fraudulent, unauthorized, or illegal activity.

You may stop receiving newsletters or marketing emails by following the unsubscribe instructions included in those emails or by contacting privacy@digiexam.com.

Testimonials

We may post user testimonials, comments, or reviews on our website which may contain Personal Data. We obtain the user's consent via email or another suitable channel before posting a testimonial that includes Personal Data. That consent may be withdrawn at any time. To request removal of Personal Data from testimonials or comments, contact privacy@digiexam.com.

Legal Basis for Website Data Processing

The legal basis for processing your data through advertising cookies and tracking pixels is your consent, which you provide through our cookie consent banner, powered by Cookiebot, when you first visit our website. You can withdraw or update your consent at any time via the cookie settings available on our website.

For data you actively submit through forms or by contacting us, the legal basis is our legitimate interest in responding to your inquiry and communicating with prospective customers. For newsletters, surveys, product updates, and other marketing communications, the legal basis is your consent where required by law.

Managing Your Preferences

• Cookie consent: Use the cookie settings available on our website to update your preferences at any time.
• Google: adssettings.google.com or the Google Analytics opt-out browser add-on.
• Meta: Your Facebook ad preferences.
• LinkedIn: Your LinkedIn data privacy settings.
• Marketing emails: Unsubscribe via the link in any email, or contact privacy@digiexam.com.

Part C: General Provisions

The following sections describe Digiexam's general privacy practices, including disclosure, security, your rights, and changes to this policy. Some details, such as where Personal Data is stored and which sub-processors are used, may differ depending on whether you use the Digiexam Services or visit our website.

Where We Store Your Personal Data

Personal Data processed in connection with the Digiexam Services is stored on cloud infrastructure provided by Google. Personal Data processed in connection with our website and the Digiexam CRM may be stored or processed using Supabase and PostHog infrastructure located in Europe.

We use Vercel to deploy and host our website. Website-related technical data and logs processed through Vercel may be processed in the United States and other countries where Vercel and its sub-processors operate.

Digiexam takes all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Policy and applicable data protection legislation.

We use sub-processors who receive and process certain Personal Data on our behalf. All sub-processors are bound by data processing agreements that require them to protect your data in accordance with applicable law. For a complete list of all our sub-processors and where they store their data, contact privacy@digiexam.com.

Disclosure of Your Personal Data

We will not sell or lease your Personal Data in personally identifiable form to anyone. We share such Personal Data with third parties only as described below.

1. Trusted Third Parties: We work with companies and individuals who perform tasks on our behalf and need access to Personal Data to assist us. Unless stated otherwise, they may only use the Personal Data we share with them to provide that assistance. This includes maintenance services, database management, web analytics, and service improvement support.
2. Educational Institutions or Other Course Providers: We share Personal Data with the educational institution or organization linked to your use of the Digiexam Services. For example, teachers, administrators, and account managers may use the platform to prepare and administer exams, and students' data, including test results, may be shared with the institution providing the test.
3. Business Transfers: If we buy or sell assets, are acquired, go out of business, enter bankruptcy, or go through another change of control, Personal Data may be one of the transferred assets. You will be notified of any change in ownership or uses of your Personal Data, including any choices you may have regarding it.
4. Protection of Digiexam and Others: We may access, read, preserve, and disclose data when we reasonably believe it is necessary to comply with law or a court order, enforce our agreements, or protect the rights, property, or safety of Digiexam, our employees, our users, or others. This may include sharing data for fraud protection, credit risk reduction, or to meet lawful requests by public authorities.

Except as set out above, you will be notified when your Personal Data may be shared with third parties, and you will be able to prevent the sharing of such Personal Data where applicable.

General Practices Related to Data Security

We take the security of your Personal Data seriously and use appropriate measures to protect it against unauthorized or unlawful processing and against accidental loss, destruction, or damage. Our security measures are revised over time in line with technological developments and the risks associated with specific processing activities.

You must prevent unauthorized access to your account and Personal Data by protecting your credentials and limiting access to your computer, device, and browser by signing off after you finish using the Digiexam Services.

Digiexam is committed to maintaining the security and confidentiality of users' Personal Data. Measures include limiting employee access to student data based on roles and responsibilities, conducting background checks on employees with access to student data, providing privacy training to relevant employees, and using technical, contractual, administrative, and physical safeguards to protect data from unauthorized access, release, or use.

When you enter Personal Data on our site, we encrypt its transmission using transport layer security, TLS. Where Personal Data is used for statistics or general user activity monitoring, we anonymize the data where appropriate.

Our website or tests provided through the Digiexam Services may contain links to other sites. We are not responsible for the privacy policies or practices of those sites. If you follow a link to another site, you should read that site's privacy policy. If you share your computer or use a public computer, remember to sign off and close your browser window when you finish your session.

Data Breach

If Digiexam is notified about a security breach caused by an unauthorized party, or that Personal Data was used for an unauthorized purpose, we will comply with applicable data protection legislation regarding data breaches and use appropriate measures to mitigate the breach.

Personal Data Rights

As a data subject, you have rights regarding the Personal Data collected and stored about you. In summary, these include the right to:

1. transparency and access with respect to the Personal Data that is stored and processed
2. correction of mistakes in the Personal Data and erasure in certain situations
3. restriction of processing in certain circumstances
4. object at any time to processing based on our legitimate interest, for direct marketing, and in certain other situations
5. lodge a complaint with a data protection supervisory authority
6. data portability, meaning receiving Personal Data in a structured, commonly used, and machine-readable format
7. claim compensation for damages caused by our breach of data protection legislation

You may access and, in some cases, edit, update, or delete Personal Data you have provided to us. You may also decline to share certain elements of Personal Data, but that may limit your ability to use our services. We may use aggregated data derived from or incorporating your Personal Data after you update or delete it, but not in a way that identifies you personally.

The Personal Data you can view, update, and delete may change as the website changes. If you have questions about viewing or updating the Personal Data we have on file about you, contact privacy@digiexam.com. We will respond to your request within 30 days.

Changes to This Policy

Digiexam may modify, add, or remove portions of this Privacy Policy from time to time. We will note any such changes by updating the publication date of this Privacy Policy and inform users when logging on to the Digiexam Services, including a link to the downloadable Privacy Policy on our website.

It is each user's responsibility to review the Privacy Policy when it is changed. If we make significant changes affecting the collection, use, disclosure, or retention of Personal Data, we will also provide an email notice thirty days in advance of implementing those changes.

Contact Us

If you have questions or concerns about this Privacy Policy, please contact our Data Protection Officer at privacy@digiexam.com.

PDF