Menu
Contact
Request a demo

Privacy Notice

Inspera AS and subsidiaries (“Inspera”, “we”, “us”, “our”) are committed to protecting and respecting your privacy. 

As we provide solutions and services for educational exams, your privacy is important to us and to our clients. This privacy notice (“Privacy Policy”) explains how Inspera processes, stores and shares personal data that we collect from your or that you provide to us and for what purposes we use such information. 

As we provide identity solutions and integration, we also comply with the GÉANT Data Protection Code of Conduct as a requirement for managing identities.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting Inspera.com, Inspera.se, Inspera.dk or Inspera.no (“Site”) or using any of our services you are accepting and consenting to the practices described in this Privacy Policy.

1 Inspera as the Data Controller

For the purposes of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, (“GDPR”), the Norwegian Personal Data Act ("PDA") and any applicable national implementing laws, regulations and secondary legislation relating to the processing of personal data (together “Data Protection Law”), the data controller is Inspera AS of Brynsveien 18, 0667 Oslo, Norway and we confirm that we have a data protection officer (“DPO”) who can be contacted as set out at the end of this Privacy Policy.

2 Why we collect personal data and legal basis for processing

Personal data is information about you that can be used alone, or combined with other information, to identify you personally. Personal data is a broad concept and includes a wide range of information such as name, email address, mailing address, IP addresses and cookie identifiers. Personal data does not include information that has been anonymized so that it does not allow for the identification of a specific individual.

We collect personal data to deliver our Site and Services and provide you with the best experience with Inspera for the following purposes:

  • Use of the Inspera Assessment cloud-based application (SaaS) and associated services
  • Provide customer support, marketing information and customer relations
  • Employment or potential employment as a part of our digitised recruitment process

We rely upon the following legal basis for processing the personal data we collect from you when providing you with access to the Site and Services:

  • Our legitimate business needs.
  • To fulfil our contractual obligations to you.
  • To comply with our legal obligations.

To the extent we process your personal data for any other purposes, we ask for your consent in advance or require that our partners obtain such consent.

3 What personal data we collect from you

You may give us information about you by filling in forms on our Site or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use our Site, apps, subscribe to our services, or use our remote proctoring services (“Services”) or newsletter, search for a product, place an order on our Site, participate in discussion boards or other social media functions on our Site, enter a competition, promotion or survey and when you report a problem with our Site or Services. In particular we collect the following information from you:

3.1 Subjects under the age of 18

Inspera does not collect information from or about people under the age of 18.

For the avoidance of doubt, please note that customers of Inspera may use the Inspera Assessment solution to collect such information. Where such data is collected our customer, not Inspera is the data controller and the customer is responsible for having proper procedures and parental consent in place and the terms of this Privacy Policy do not apply to such information collected by customers.

3.2 Use of Inspera Assessment

The Inspera Assessment cloud service (SaaS) collects information about all users including:

  • End-user full name
  • Username
  • Password of end-users
  • Email address of end-users
  • National identification or social security number of end-users
  • Student identification number of end-users
  • Programme of study, location, cohort, study mode, grade level of end-users
  • Identifying information from 3rd party authentication or authorisation services
  • Metadata related to test events (including work assignments for administrative users)
  • Test submissions including questions and answers
  • Marking and annotation of test submissions
  • Feedback to the test taker
  • Internal comments between marker within the system (not published to test taker)
  • IP address of end-users
  • Event log of administrative actions
  • Event log of test taking actions
  • Process monitoring when using Bring-Your-own-Device (BYOD) to prevent cheating

The information is collected through the Inspera Assessment web application, client browser and the Inspera Secure Exam Browser.

3.3 Customer Relation Management

If you are an existing customer, previous customer or potential customer we collect information relevant for customer relation management and billing purposes. This includes full name, job title or function, organisation, email, phone numbers and company addresses.

The information is collected through email, web forms and other means of communication with Inspera.

3.4 Recruitment Process

In the online recruitment solution, we collect information relevant for any job application. This includes name, email address, date of birth, home address, phone number, profile photo and resume.

The information is collected through the online recruitment solution Homerun used by Inspera.

3.5 Remote Proctoring Services

If you choose to take part in an online test where remote proctoring is used, we may collect the following information, which includes biometric data.

a) Pre-Test Identity Checking

Before you start a test, we will match the facial image of the person in front of the camera with an approved form of picture ID. This is to ensure that the person in front of the camera is the person that is registered to complete the test. 

The information collected includes biometric data and shall include facial data and anything that can and will be captured by your device’s camera, microphone or whatever is shown on the device screen. This data is stored in audio video recordings which are associated with a unique candidate and session ID.

b) Test Session
During the test we will continue to capture audio and video from your device’s camera and microphone along with a capture of the screen of the device used for the test. The audio and video information collected is stored securely by us until the final grade of your test is awarded. The audio and video recording are not a part of the exam itself and do not influence your grade. The recording is only used to prevent cheating, investigate fraudulent activities and to ensure that the individual taking the exam is the actual registered test person. 

The information that is collected includes personal data:

  • about your identity before you start the exam; and
  • during the exam your entire testing session in real-time is monitored and recorded over the Internet through your device via your webcam and microphone so that your face, voice, desk and workspace will be captured and a recording will be made of these images for the purposes of test security and the integrity of the testing process. 

The collection of such information is optional, but necessary if you choose to use our online testing function.

c) Purposes for which we collect Personal Data for Remote Proctoring
All video and audio recordings and biometric data are used for the purposes of:

  • identity verification
  • conducting the test
  • security and integrity of the test and testing process
  • incident resolution, such as fraud prevention

d) Sharing of Remote Proctoring Data
Where you choose to participate in an online test, we shall monitor you remotely while you participate in a test session. 

The video and audio recordings are only used if there is a legitimate suspicion of cheating and the data is only stored by us. We may at any time review recordings if we have any concerns about the integrity of the test session or if concerns are raised by your educational institution who asks us to carry out the online test.

We may disclose information, including the video and audio recording of your test session, which includes special category data, to your educational institution for the purpose of your educational institution verifying that you were the person taking the online test and to check that no test protocols were breached, where the suspicion is justified and after we have reviewed the recording ourselves. 

For information on how your educational institution may collect and use any personal data they collect about you please review the educational institution’s own privacy policy.

e) Deletion
Immediately after your final grade has been awarded, all recordings are automatically deleted, unless there is an ongoing investigation into any recording.

3.6 Information we collect automatically about you

Regarding each of your visits to our Site we may automatically collect the following information:

  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
  • Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number. 
  • Information from other online accounts to which you have given us permission to collect data from within your settings or the privacy policies of these other online services. For example, this can be via social media or by choosing to send us your location data when accessing our Site from your smartphone; or it can be from the integrations and connections that you choose to install when using the Services.

3.7 Information we collect automatically about you

We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this Site.

We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.

3.8 Cookies

We use cookies on our Site to distinguish you from other users of our Site. Please see our Cookie Policy for further details on our use of cookies.

4 How we use your personal data

4.1 We use information you give to us:

  • to provide and improve our products and services
  • to perform essential business operations. This includes operating the products, maintaining and improving the performance of the products, developing new features, conducting research, evaluating your suitability for employment opportunities, and providing customer support.
  • to carry out our obligations arising from any contracts entered between you and us.
  • to provide you with the information, products and services that you request from us
  • to notify you about changes to the Site and Services.
  • to ensure that content from our Site and Services is presented in the most effective manner for you and for your computer.
  • to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired, about unless you have opted not to receive such information.
  • to permit selected third parties to contact you by electronic means only if you have consented to this by ticking the relevant consent box situated on the form on which we collected your data.
  • to continually improve our products, including adding new features or capabilities.
  • to evaluate your suitability for employment or recruitment opportunities.
  • as required by applicable laws and regulations.
  • to communicate with you and personalize our communications with you.

     

4.2 We use information we collect about you:

  • to develop aggregate analysis and business intelligence that enables us to operate, protect, make informed decisions and report on the performance of our business.
  • to diagnose product problems and provide other customer care and support services.
  • to administer our Site and Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
  • to inform you about scheduled downtimes and new features.
  • to improve our Site and Services to ensure that content is presented in the most effective manner for you and your computer.
  • to allow you to participate in interactive features of our service, when you choose to do so.
  • as part of our efforts to keep our Site and Services safe and secure.
  • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
  • to make suggestions and recommendations to you and other users of our Site or Services about our goods or services that may interest you or them.

4.3 Information we receive from other sources

We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

We will not sell or rent your personal data to anyone.

4.4 Automated decision making

The Inspera Assessment cloud service (SaaS) uses technology to support the invigilators in the marking and grading. This includes semi-automated and automated analysis of the submitted exam and is reviewed by the invigilators responsible for the grading before the grade is final.

4.5 Marketing Communications

We will send you marketing emails if you “opt in” to receive marketing emails when registering on our Site, or if you have enquired about, or purchased any of our goods or services.

Please note, if you change your mind about being sent marketing emails you can “opt out” at any time by clicking the “unsubscribe” link at the bottom of any marketing email. Once you “opt out”, you will no longer receive any marketing emails from us. We will continue to communicate with you regarding your service billing and support via email.

We send push notifications from time to time in order to update you about any service updates, events and promotions we may be running. If you no longer wish to receive these communications, please disable these in the settings on your device.

5 Disclosure of your information

5.1 Information we share with third parties

We may share your information with selected third parties including:

  • any member of our group, which means our subsidiaries.
  • business partners, suppliers and sub-contractors for the performance of any contract we enter with them or you, namely: Google, Zendesk, Amazon AWS, TrackJS, HubSpot, Atlassian, Deviget, Exswap and Beetroot.
  • advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 250 men aged over 25 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women living in London). We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience. 
  • analytics and search engine providers that assist us in the improvement and optimisation of our Site and Services. 
  • credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering a contract with you.

5.2 Information we disclose to third parties

We may disclose your information to third parties:

  • in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets,
  • if we or a member of our group of companies or substantially all of their assets are acquired by a third party, in which case personal data held by them about their customers will be one of the transferred assets,
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions, terms of use and/or any other legal agreements; or to protect our rights, property, safety, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

6 Where we store personal data

Our Services are global and your information (including personal data) may be stored and processed in any country where we have operations or where we engage service providers, and we may transfer your information to countries outside of your country of residence, which may have data protection rules that are different from those of your country of residence.

The personal data that we collect from you may therefore be transferred to, and stored at, a destination outside the European Economic Area ("EEA") or the UK. It may also be processed by staff operating outside the EEA or UK who work for us or for one of our suppliers or partners. Such staff or subcontractors may be engaged in, among other things, the fulfilment of your order, the processing of your payment details or the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing outside of the EEA or the UK. 

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. In particular, this means that your personal data will only be transferred to a country that provides an adequate level of protection (for example, where the European Commission has determined that a country provides an adequate level of protection) or where the recipient is bound by standard contractual clauses according to conditions provided by the European Commission (“Standard Contractual Clauses”).

Personal data is not transferred to third parties without proper data processing agreements. This includes:

  • Data Processing Agreements (DPA) within the EU/EEA.
  • Data Processing Agreements (DPA) with commercial parties in EU trusted countries.
  • Data Processing Agreements (DPA) with commercial parties in the US bound by the Privacy Shield agreement between EU and the USA.
  • Data Export Agreements (DEA) with commercial parties elsewhere.

Our Site and Services are accessible via the internet and may potentially be accessed by anyone around the world. Other users may access the Site or Services from outside the EEA or the UK. This means that where you chose to post your data on our Site or within the Services, it could be accessed from anywhere around the world and therefore a transfer of your data outside of the EEA or the UK may be deemed to have occurred. You consent to such transfer of your data for and by way of this purpose.

7 How we secure your data

All personal data is stored with an industry standard encryption and is transferred over a secure channel using HTTPS and SSL between the service and the client.

For detailed information about security in the Inspera Assessment cloud service, please see our cloud security statement.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site or Services, you are responsible for keeping this password confidential. We ask you not to share any password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will endeavour to protect your personal data, we cannot guarantee the security of your data transmitted to our Site or the Services. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

7.1 Links to other websites

Our Site and Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

8 Your rights as a data subject

You have the right under Data Protection Law, free of charge:

  • to access your personal data,
  • to request erasure or rectification of your personal data,
  • to restrict the processing of your personal data,
  • to transfer your personal data to you in a structured, machine readable and commonly used format,
  • to object to the processing of your personal data, and
  • to withdraw your consent to us processing your personal data at any time.

Please contact us by email at privacy@inspera.com   if you want to exercise any of your rights. We will respond to such queries within 30 days and deal with requests we receive from you, in accordance with the provisions of Data Protection Law.

9 Data Retention

We keep your personal data to enable your continued use of Inspera offerings, for as long necessary to enable us to fulfil the relevant purposes described in this Privacy Policy. This will be for as long as we provide access to the Site or Services to you, your account with us remains open or any period set out in any relevant contract you have with us. However, we may keep some data after your account is closed or you cease using the Site or Services for the purposes set out below.

We usually delete personal data after you have closed your account or ceased using the Services. However we may retain personal data where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes, enforce our legal agreements with your, or to fulfil your request to “unsubscribe” from further messages from us.

We will retain de-personalised information after your account has been closed.

Please note: After you have closed your account or deleted information from your account, any information you have shared with others will remain visible. We do not control data that other users may have copied from the Site or Services. Your profile may continue to be displayed in the services of others (e.g. search engine results) until they refresh their cache.

10 Complaints

If you have any complaints about our use of your personal data, please contact us as set out at the end of this Privacy Policy or contact the following data protection supervisory authority. For individuals located in Norway: Datailsynet, P.O. Box 458 Sentrum, NO-0105 Oslo, Norway.

For all other individuals: contact your local data protection supervisory authority in the country in which you are located.

11 Age of Users

This Site and the Services (excluding the Inspera Assessment solution) are not intended for children (persons under 18 years of age) and we do not knowingly collect personal data relating to children.

Where you permit a person under the age of 18 (“Child”) to use the Inspera Assessment solution via your login, you are responsible for taking steps to protect that Child’s privacy in accordance with applicable law, including obtaining consent from the Child’s parents or guardian to the collection of personal data of, or from, the Child.

Should any parent or guardian be concerned that their Child’s personal data has been collected by us, they should contact us as set out at the end of this Privacy Policy.

12 Changes to our privacy notice

Any changes we may make to our Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy. 

This Privacy Policy was last updated on 22 April 2020 and this version replaces any other Privacy Notices previously applicable from this date.

13 Contact us

If you have complaints, questions or comments about our privacy practices, please contact us by email at privacy@inspera.com or by mail to the following address:

Inspera AS
Brynsveien 18
0667 Oslo
Norway

Our Data Protection Officer (DPO) can be contacted at privacy@inspera.com.