VTEST aims to respect the confidentiality standards relating to the European data protection law entitled General Data Protection Regulation (GDPR).
VTEST understands the importance of providing its users with an environment where they feel safe. VTEST policies on user data protection adheres to the highest requirements of European law.
Who manages the processing of your personal data?
When you use our service through a test center (university, company…), we process your data as a subcontractor.
However, if you access our service directly, we are responsible for the processing of your personal data :
115, rue Cardinet, 75831 Paris Cedex 17, France
When you reside in a country outside the European Union, VTEST makes every effort to comply with applicable local legislation.
What personal data do we process ?
Personal data necessary to our assessment process
In order to assess your skills, we collect and process the following data:
- Your name
- Your first name
- Your gender
- Your date of birth
- Your email address
- Your phone number (mobile)
- Your nationality
- Your home country
- Your mother tongue
- Your photo
- Your ID
- Your secure code
- Your written, audio and video answers
- Your score report
- Your official certificate
- Your navigation environment (IP address, operating system, type of device, date and time of the different evaluation sessions)
Personal data necessary to guarantee the validity of the test
The processing of your exam/assessment data, as well as your sensitive data, is necessary for the performance of the service (GDPR – ART-6). Concerning your sensitive data, their processing is conditioned by your explicit consent (GDPR – ART 9).
In order to guarantee the validity of your identity and/or test results, we collect and process the following data:
- A photo of your identity card
- Your photo
- Photos taken at the test center or photos taken online randomly by the service
- A video taken randomly by the service
- A voice recording
For an online proctoring assessment, these data are processed by an advanced artificial intelligence to guarantee the absence of fraud. In case of suspicion, a duly authorized human being would review your assessment.
Two possible cases
If you use our service through a test center
Your personal data can be collected by one of our authorized test centers. The latter has a legitimate interest in the collection and processing of your data in the context and for the purposes of the provision of performing test and assesment services.
When you use our service through a test center, it determines the retention period of your evaluation data.
If you use our service directly
The processing of your evaluation data is necessary for the performance of our service. Concerning your sensitive data, their processing is based on your explicit consent (article 9 (a), GDPR).
We keep your evaluation data for a period of 5 years from the delivery of results.
In both cases…
With whom do we share your data?
Within the context of our activities and for your own convenience, we rely on third-party service providers to perform a variety of business operations on our behalf. In so doing, we may need to share your information with them. We provide our service providers with only the personal information they need to perform the services we request, and we require that they protect this information, strictly adhere to European legislation on the management of this information and not use it for any other purpose.
Your evaluation data are transmitted to your test center and our subcontractors. For hosting, we use Amazon’s AWS service which meets European requirements for personal data protection. We also use two other subcontractors, NimeOps and PropelledBy, for the IT management and supervision of our systems. We make sure that they ensure the confidentiality and integrity of your personal data.
Processing of your sensitive data
Concerning your sensitive data (photo of your identity card, photos and video photos taken online randomly, voice recording), we keep them for a maximum of 48 hours as from the delivery of results if no security breach has been detected. In case of suspicion of fraud, we could keep your personal data for a period of 6 months.
Furthermore, we do not transfer these data to anyone, not even your test center.
Objective of transparency
Moreover, when an interview is conducted as part of your assessment, we remind you that it can be shared with your authorized test center or another institution if you gave them your secure code.
VTEST does not ask you to install a plugin and does not access the data stored on your computer. Test fraud prevention is only ensured by access to your browser.
Moreover, VTEST is a member of the professional organization Syntec Numérique and the Association of Test Publishers (ATP), which allows it to implement best practices in online testing and data security. A specific insurance contract also allows VTEST to access IT security expertise and recommendations.
Accessibility of VTest service to all
VTEST ensures that its service is accessible to people with disabilities. Thus, VTEST provides candidates with an automated Website accessibility solution which is in line with the Americans with Disabilities Act (ADA) and the Web Content Accessibility Guidelines (WCAG).
Security and integrity of personal data
When you give us personal information, we take steps to ensure that it’s treated securely. To help protect the privacy of your information, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your information to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information.
VTEST uses appropriate technical and organisational measures to protect your personal data from unauthorised use, access, disclosure, alteration or destruction. These precautions include physical, electronic and managerial procedures. VTEST also relies on the Cyber Essential Standards and the Open Web application Security Project (OWASP) to comply with good practices in Information Systems Security.
Age of candidates and permission of the legal representative
When you use our service through a test center, it selects the test administration mode ensuring the proportionality of the means to be used to achieve it and taking into account the age of the candidate. If you don’t have the age required by the law of your country to give your consent to the processing of your personal data, the test center verifies that it has obtained the permission of your legal representative.
When you use our service directly, VTEST takes into account the minimum age at which candidates can consent to the processing of their personal data. Your consent is required for the processing of your sensitive data and to give you your results if you reside outside the European Union. In France, the minimum age is fired at 15 years. Thus, if you are under the age of 15, we need to obtain the permission of your legal representative.
Research & development
For R&D purposes, it is in our legitimate interest to keep your score report for a period of 5 years as from its delivery in order to regularly evaluate our service and design improvements that we feel are necessary.
After 5 years, we keep your score report anonymously by deleting all information that would enable us to identify you personally.
Email for testing services
We may have to send you emails related to the test organisation including : test confirmation, available results, score report and official score report delivery.
Moreover, after the test, we may send you an email to conduct a satisfaction survey for which your participation is voluntary. That’s why we keep your name, first name and email address for a period of 2 years, except in the event that you request their erasure earlier. Personal Data provided in survey responses remain strictly confidential and the results of surveys are anonymised.
Specific web access for test result verification
The secure code we give to the candidate in order to login for the test, is the same we add into the official score report and official certificate. It means that anybody with these documents can access the candidate’s test results. It could be the candidate, the authorized test center, an institution or a recruiter if the candidate is providing the file to a third-party.
VTEST is not displaying the score as public and remains it confidential.
Transfer of information outside the EEA
Within the context of our activities, some information we collect about you might be transferred or processed outside the EEA. For this purpose, however we will take all reasonable steps to ensure that your information is held in compliance with the applicable data protection legislation. Such transfers take place only if the specific requirements as set forth in Articles 44 et seq. of the GDPR are fulfilled in order to ensure an adequate level of protection is guaranteed for such international data transfers in each case.
In particular, when you use our service through a test center that is not located in the European Economic Erea and does not have a level of protection adequate to European standards, we use approved Standard Contractual Clauses to assure an adequate protection of your personal data. You can consult these clauses by clicking on the following :
When you access our service directly and do not reside in the European Economic Erea , the transfer of your personal data is based on your explicit consent provided to us through the relevant mechanism. This transfer is necessary in order to provode our services and communicate your results to you.
How do you exercise your rights and how do you contact us?
When you use our service through a test center, you can contact it to access your personal data, rectify it, request its deletion or exercise your right to limit the processing of your data. When we process your data for R&D purposes, you can object to this data processing and when your consent has been obtained from you in the context of a test or exam, you may withdraw your consent at any time, without affecting the lawfulness of the processing previously carried out. We will help your test center to comply with your request.
Furthermore, when you access our service without going through a test center, you can contact us directly to exercise your rights.
Moreover, you can exercise your right to data portability from your results space. To do so, simply communicate your secure code to the third party of your choice.
Where we process data based on your consent, you also have the right to withdraw your consent at any time but this does not affect the lawfulness of the processing before the date of withdrawl. Finally, you have the right to lodge a complaint with the competent French supervisory authority, which is the Commission Nationale de l’Informatique et des Libertés (CNIL).
How to contact us ?
To exercice your rights, you can contact us directly by clicking on the following link:
VTEST DATA PROTECTION OFFICER – Registration #: DPO-102049
Benoit THAO – President
+33 178 425 124
If you feel, after having contacted us, that your rights are not respected, you can address a complaint to:
CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07 – FRANCE
Version information – Changes and update
This Notice was last updated on January 2022.
We reserve the right to amend this Notice at any time, for any reason, without notice to you, other than the posting of the amended Privacy and Data Protection Notice at our website. We may e-mail periodic reminders of changes to and updates of this Notice, but you should check our website frequently to see the current Privacy and Data Protection Notice that is in effect.