This site uses cookies so that we can provide you with the best possible user experience. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website and helping our team understand which sections of the site you find most interesting and useful.
Privacy policy
VTest aims to respect the confidentiality standards relating to the European data protection law entitled General Data Protection Regulation (GDPR).
VTest understands the importance of providing its users with an environment where they feel safe. VTest policies on user data protection adhere to the highest requirements of European law.
Who are we?
We are VTest (115, rue Cardinet, 75831 Paris Cedex 17, France), a company providing a website (“Website”) where you and any other interested party (“Visitors”) may learn about our activity and/or access our platform (“Platform”) and related services (“Services”) which enable (i) businesses – legal entities (“Customers”) to ask for the performance of tests (“Tests”) and (ii) individuals (“Candidates”) to take part in such Tests. In the context of the Website, the Platform and the Services, VTest may collect and/or process information about Visitors, Customers and Candidates as described below.
For Visitors, VTest is the data controller to the extent that you provide us with your personal data.
For Customers, you are the data controller and VTest is the data processor of personal data when using our Platform or Services.
For Candidates, our Customers are the data controllers of your personal data except for any information collected directly from you by VTest.
How do we collect and use your data?
We collect your personal data when you use our Website, Platform and/or Services as a Visitor, Customer and/or Candidate. We do not sell your personal data to others and we only share them with third parties who facilitate the provision of our Services to you.
We use your personal data for the provision of our Services (Art. 6 par. 1 (b)). In certain cases, the processing of your personal data may be necessary for the purposes of our legitimate interests (Art. 6 par. 1 (f) GDPR), such as to communicate with you or to improve and enhance your experience while using the Platform and our Services or for our research and development purposes. We may also rely on your consent where necessary or process your data for our compliance with applicable legislation (Art. 9 par. 1 (a) GDPR)
What personal data do we process ?
Visitor’s data
Visitors may provide us directly with their personal data (such as name, phone number, e-mail address etc.) or we may collect personal information about them (such as IP address) when browsing our Website.
Customer’s data
While using our Platform and Services, Customers may be asked to provide information (such as name, address, phone number, e-mail address etc.) relating to them or to Candidates. It is the Customer’s responsibility to ensure that the collection and processing of any such personal data complies with the applicable data protection legislation.
Candidate’s data
In order to assess your skills, we collect and process the following data:
- Your name
- Your first name
- Your gender
- Your date of birth
- Your email address
- Your phone number (mobile)
- Your nationality
- Your home country
- Your mother tongue
- Your photo
- Your ID
- Your secure code
- Your written, audio and video answers
- Your score report
- Your official certificate
- Your navigation environment (IP address, operating system, type of device, date and time of the different evaluation sessions)
For an online proctoring assessment, these data are processed by advanced artificial intelligence for delivering the results of the assessments.
Personal data necessary to guarantee the validity of the test
Furthermore, in order to guarantee the validity of your identity and/or test results, we collect and process the following data:
- A photo of your identity card
- Your photo
- Photos taken at the test center or photos taken online randomly by the service
- A video taken randomly by the service
- A voice recording
For an online proctoring assessment, these data are processed by advanced artificial intelligence to prevent fraud. In case of suspicion, a duly authorized human being would review your assessment.
Sensitive data
Concerning your sensitive data (photo of your identity card, photos and video photos taken online randomly, voice recording), we keep them for a maximum of forty-eight (48) hours as from the delivery of results if no security breach has been detected. In case of suspicion of fraud, we could keep your personal data for a period of six (6) months.
Furthermore, we do not transfer these data to anyone, not even your test center. These data are being collected for identification and integrity verification purposes and they are not transferred to any third party.
How long do we keep your personal data?
We will keep your personal data for as long as necessary in accordance with applicable legislation.
We may retain your evaluation data for a period of up to five (5) yearsfrom the delivery of results, after the expiry of which we keep your score report anonymously by deleting all information that would enable us to identify you personally.
For more information on where and how long your personal data may be retained, please use the following form.
With who do we share your personal data?
Within the context of our activities and for your own convenience, we rely on third-party service providers to perform a variety of business operations on our behalf. In doing so, we may need to share your information with them. We provide our service providers with only the personal information they need to perform the services we request, and we require that they protect this information, strictly adhere to the applicable legislation on the management of this information and not use it for any other purpose.
Your evaluation data are transmitted to your test center and our subcontractors. These providers may operate or support certain functions of our Services and in some cases, collect information directly from you.
For hosting, we use Amazon’s AWS service which meets European requirements for personal data protection. We also use two other subcontractors, NimeOps and PropelledBy, for the IT management and supervision of our systems. We make sure that they ensure the confidentiality and integrity of your personal data.
Security and integrity of personal data
When you give us personal information, we take steps to ensure that it is treated securely. To help protect the privacy of your information, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We limit access to your information to those employees who need to know that information to provide services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information.
VTest uses appropriate technical and organizational measures to protect your personal data from unauthorised use, access, disclosure, alteration or destruction. These precautions include physical, electronic and managerial procedures. VTest also relies on the Cyber Essential Standards and the Open Web application Security Project (OWASP) to comply with good practices in Information Systems Security.
Moreover, VTest is a member of the professional organization Syntec Numérique and the Association of Test Publishers (ATP), which allows it to implement best practices in online testing and data security. A specific insurance contract also allows VTest to access IT security expertise and recommendations.
Transfer of information outside the EEA
Within the context of our activities, information we collect about you might be transferred or processed outside the EEA. For this purpose, however we will take all reasonable steps to ensure that your information is held in compliance with any applicable data protection legislation. Such transfers take place only if the specific requirements as set forth in Articles 44 et seq. of the GDPR are fulfilled in order to ensure an adequate level of protection is guaranteed for such international data transfers in each case.
In particular, when you use our service through a test center that is not located in the European Economic Area and does not have a level of protection adequate to European standards, we use approved Standard Contractual Clauses to assure an adequate protection of your personal data. You can consult these clauses by clicking on the button.
If you access our service directly and not through a test center, and you do not reside in the European Economic Area, you hereby grant us explicit consent to transfer your personal through the relevant mechanism, according to the provisions of Art. 49 par. 1 (a) GDPR. This transfer is necessary in order to provide our services and communicate your results to you.
Age of candidates and permission of the legal representative
When you use our Services through a test center, it selects the test administration mode ensuring the proportionality of the means to be used to achieve it and taking into account the age of the Candidate. If you don’t have the age required by the law of your country to give your consent to the processing of your personal data, the test center verifies that it has obtained the permission of your legal representative.
When you use our service directly, VTest takes into account the minimum age at which candidates can consent to the processing of their personal data. Your explicit consent is required for the processing of your sensitive data (Art. 9 par. 1 (a) GDPR) and to give you your results if you reside outside the European Union (Art. 49 par. 1 (a) GDPR). In France, the minimum age is fixed at fifteen (15) years. Thus, if you are under the age of fifteen (15), we need to obtain the permission of your legal representative.
Email for testing services
We may have to send you emails related to the test organization including: test confirmation, available results, score report and official score report delivery.
Moreover, after the Test, we may send you an email to conduct a satisfaction survey for which your participation is voluntary. That’s why we keep your name, first name and email address for a period of two (2) years, except in the event that you request their erasure earlier. Personal Data provided in survey responses remain strictly confidential and the results of surveys are anonymized.
Specific web access for test result verification
The secure code we give to the Candidate in order to login for the Test, is the same as the one we add into the official score report and official certificate. It means that anybody with these documents can access the Candidate’s test results. It could be the Candidate, the authorized test center, an institution or a recruiter if the Candidate is providing the file to a third-party.
VTest does not display the score to the public and keeps it confidential.
Cookies
We use cookies (small text files placed on your device) to support our Website, to provide our online services and to collect information. Cookies allow us, among others, to store your preferences and settings, to provide interest-based advertising, and to analyze how our Website and online services work.
To learn more about the cookies we use and how to adjust their use to your wishes, please read the related page.
How do you exercise your rights and how do you contact us?
Your rights
You have the right to request access to your personal data. You also have the right to:
- rectify or erase (in certain circumstances) your personal data;
- restrict or object to the processing of your personal data; and
- receive (under conditions) your personal data so that you can use it elsewhere.
When you use our service through a test center, you can contact it to access your personal data, rectify it, request its deletion or exercise your right to limit the processing of your data. When we process your data for R&D purposes, you can object to this data processing. We will help your test center to comply with your request.
Furthermore, when you access our service without going through a test center, you can contact us directly to exercise your rights.
Moreover, you can exercise your right to data portability from your results space. To do so, simply communicate your secure code to the third party of your choice.
Where we process data based on your consent, you also have the right to withdraw your consent at any time but this does not affect the lawfulness of the processing before the date that you withdrew your consent.
Finally, you have the right to lodge a complaint with the competent French supervisory authority, which is the Commission Nationale de l’Informatique et des Libertés (CNIL):
CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07 – FRANCE
https://www.cnil.fr/fr/plaintes
How to contact us ?
To exercise your rights, or for any question about the processing of your data you can contact us directly through the following form: