GDPR Declaration to end users

Management and processing of personal data in Inspera Assessment


Inspera uses data on behalf of your education institution

Your education institution decides which data we can process, and how we can use it. Inspera will never process data in any other way or for any other purpose than what is agreed with your education institution. The information given below is general, and your education institution may restrict some of the stated uses below. Your institution may for example choose to exclude your name and/or email address from the data that we receive.


Inspera processes and stores data on behalf of the educational institution.


What data do we hold and for what purpose?

Data you give us or that is transferred from your institution can include:

  • name
  • email address
  • student or employee ID-number - or anonymous identifiers such as Candidate ID

Inspera uses this data to identify you as a user, and to ensure that data is only viewable by those who have a legitimate reason (and permission) to do so.

For test takers, we may also receive and use data including:

  • the answers you enter when you take a test in Inspera Assessment
  • grades and marking comments made on your submission
  • information on extra time given for test-taking

We use this data to provide the test-taking services for each test taker. Information on answers to questions is also used anonymously to analyse questions and improve learning.

Data we collect automatically when you use Inspera Assessment.

We may process and store:

  • information on browser and operating system
  • IP address
  • information on results from plagiarism checks
  • time spent on each question

We use this data to make the services work on your device, to aid troubleshooting, and to document user behaviour relevant to the correctness of the exam.

We also log user-related events on the system to support and control the workflow. For instance, we log an event if staff members view or alter question sets.




Who can access my data in Inspera?

Staff authorised by your institution may see parts of your data, as well as Inspera staff tasked by your institution.

Inspera also uses other companies to deliver our service. Inspera is responsible for how third parties process data.

  • Amazon Web Services physically store your data in data centres inside of the EU

If your institution has consented, we may also use third-party solutions to process selected data, including the following situations:

  • Track.js receives, but does not store your IP-address to assist quick troubleshooting
  • Your educational institution may have an agreement with a third-party plagiarism checker. In that case, we transfer the text you have written in Inspera Assessment to this service, but without any information that identifies who has taken the test



How does Inspera store and protect your information

One of Inspera’s highest priorities is our customers’ needs for data privacy and security. As a standard part of our business, we have technical solutions and routines in place to ensure that data is kept secure and inaccessible for those who do not have the right to access.

Our privacy design principles include:

  • Minimisation: We collect only the data needed to provide the service to our users and customers. We never keep or sell personal information for any other purpose

  • Anonymisation: We anonymise data before making secondary use of them in statistics


  • Pseudonymisation: We offer to run tests using candidate IDs instead of names or other direct identification of the test taker



Last update: April 24th, 2018