Your integrity and how we handle your personal information is important to us. The GDPR (General Data Protection Regulation) entered into force in May 2018 applying to all citizens of the EU. To make you feel safe with us handling your personal information we would like to explain how we work with it.
Our work with the GDPR already started in 2016, we have analyzed and charted the flow of personal data, made technical changes to the service, established new routines within the company to handle requests and questions related to personal data and ensured there are binding and legally adequate data processing agreements with our external service providers.
We view the work with GDPR-compliance as an ongoing procedure and we keep data protection in mind in our development. We do this to ensure that Digiexam’s services are always in line with any legal requirements concerning the processing of personal data, and to make GDPR-compliance as easy as possible for our customers.
For users of Digiexam
We use your personal information in order to provide the service of doing exams and tests digitally.
You have an agreement with your school that allows them to use your personal information to provide educational services to you, or as an employer. The school then has an agreement with us to allow us to use your personal information on behalf of them to provide our services.
This agreement between us and the school say which of your personal information we are allowed to use and for what purposes.
The purposes for collecting your personal information are:
- Provide the service to allow you to do digital exams and tests
- Improve the service by understanding how you use it
- Provide support for the service
Frequently Asked Questions
Questions regarding your privacy
Questions or requests that you have regarding your privacy should primarily be sent to your school, if there are any questions specific to Digiexam you can contact our Data Privacy Officer at firstname.lastname@example.org.
How do I use my right to be forgotten?
Your primary contact is the school for privacy related questions, this also applies to the right to be forgotten. The school is responsible for handling your personal information as they are the data controller in GDPR-terms, they need to send this request to all services (data processors) they use including Digiexam, and then each service need to request all services it uses to remove your data.
Worth mentioning is that there can be legitimate reasons for not fulfilling your right to be forgotten immediately, reasons can be that you currently are studying at the school or that the personal information needs to be stored according to the law.