PSI Services LLC and the PSI Group Companies (collectively, “PSI”) recognises that a number of its customers, exam candidates, and PSI website (the “Site”) users value their privacy. As a result, PSI works to protect personal information capable of identifying an individual (“Personal Data”) collected through its business or generated through the Site.
In this Privacy Notice, PSI describes how and why it collects, uses and stores your Personal Data, the lawful basis on which your Personal Data is processed, what rights you have in relation to PSI’s processing of your Personal Data and what you can do if you have any questions or are not satisfied. This includes any rights you have, or obligations PSI has, as a result of the EU General Data Protection Regulation (GDPR). PSI’s contact details are at the bottom of this document.
- Who is Responsible for your Personal Data?
- The Information We Collect About You
- Purposes of Processing Personal Data
- Lawful Grounds for Processing Personal Data
- Parties To Whom Information May Be Disclosed & How Information Is Used
- Storage and Retention of Personal Data
- Confidentiality and Security
- Additional Information
- Your Rights
- Exercising Your Rights
- Data Protection Officer, Representative and Complaints to Data Protection Supervisory Authorities
Who is Responsible for your Personal Data?
PSI Services LLC is the data controller for any data submitted through this Site. The PSI entity with which you take a test will be the controller for that information. In addition, where processing of personal data is undertaken by another company within the PSI Group, for their own purposes, these other companies may also be controllers of your personal data.
The Information We Collect About You
We collect information directly from you, from third parties, and automatically when you use our Site. This includes when you register to take a test, use our services (e.g., take a test), contact us (e.g., customer services), and for other purposes as set forth below. The type of information that we collect about you depends upon your interaction with our Site and our services, and may include any one or more of the following:
Licensure Testing Candidates:
Whether a candidate registers and completes an exam in person, or online using the ATLAS® platform, each candidate may, depending on the licence or exam, be required to provide some or all of the following personal exam information: first and last name, address, phone numbers, date of birth, email address, state identification number, social security number and credit card information, and at some testing locations digital photographs, fingerprints and/or signatures (“Exam Information”). Upon completion of your exam, we also maintain your exam information.
We collect information directly from you and from third parties related to the licences that you hold or seek to hold including, but not limited to the following: licence application information, licence activity, licence history, information relating to continuing education credits, public complaints, board actions taken against the licensee, or any public actions taken against licensee by regulatory boards or agencies (“Licensee Updates”).
Corporate Talent Assessment:
Many of PSI’s clients are corporations (“Corporate Clients”) that use PSI’s system to deliver exams to their job candidates. As such, PSI collects and maintains the Personal Data and Exam Information of such job candidates, as well as job applicant demographics (collectively the “Job Demographics”) in PSI’s Files. We collect this Personal Data directly from individuals and from our Corporate Clients.
PSI provides a credentialing service on behalf of test sponsors, whereby PSI provides the platform and the testing service related to the credential provided by the test sponsor. PSI collects information on contracts, delivery / shipping addresses, credentials in question, usage of website, contact details, IP addresses and biographical information from the individuals seeking credentials.
PSI provides a service whereby clients who may conduct examinations outside of a PSI testing centre use PSI’s remote proctoring service. This service requires the users to log onto the PSI Remote Proctoring platform and the user takes the examination while being monitored through their webcam, microphone and through their computer’s desktop which are all accessible to a remote examiner. We collect this information, and copies of the examinee’s identification document, for identity verification of the person conducting the examination, for fraud prevention, security and integrity, and as otherwise required by law.
Special Categories of Personal Data and Personal Data relating to Criminal Convictions and Offences:
PSI may also collect from you information that is classified as special categories of personal data such as data revealing your political opinions, your religious or philosophical beliefs or concerning your health, and data relating to actual and alleged criminal convictions and offences.
Data We Collect from Third Parties:
Certain information listed above, including information on job and test applicant demographics, are provided by third parties, including our Corporate Clients.
Data We Collect Automatically:
Purposes of Processing Personal Data
We use your information, including your Personal Data, for the following purposes:
- The on-boarding of users into the relevant process, including any associated identity verification activities and checks required to comply with legal and regulatory obligations;
- carrying out any assessment according to the criteria set out for the related underlying service and assessing your suitability for the specific purpose of the underlying service;
- providing products and services to you and ensuring their proper execution, for example by being able to identify you;
- in accordance with applicable law, to market our products and services to you, including through electronic mail correspondence;
- managing our relationship with you, including communicating to you in relation to the products and services you obtain from us and our partners, and handling customer service-related queries and complaints;
- helping us to learn more about you as a customer, the products and services you receive, and other products and services you may be interested in receiving, including profiling based on the processing of your Personal Data, for instance by looking at the types of products and services that you use from us, how you like to be contacted and so on;
- taking steps to improve our products and services and our use of technology, including testing and upgrading of systems and processes, and conducting market research to understand how to improve our existing products and services or learn about other products and services we can provide;
- meeting our on-going regulatory and compliance obligations including in relation to recording and monitoring communications, disclosures to tax authorities, financial service regulators and other regulatory and governmental bodies, and investigating or preventing crime;
- ensuring the safety of our customers, employees and other stakeholders;
- undertaking transactional and statistical analysis, and related research;
- for PSI Group’s prudent operational management (including credit and risk management, insurance, audit, systems and products training and similar administrative purposes); and
- any other purposes we notify to you from time to time.
Lawful Grounds for Processing Personal Data
Depending on the precise purpose of processing, the processing of your Personal Data will be for one or more of the following lawful purposes:
- necessary for taking steps to enter into or executing a contract with you for the services or products you request, or for carrying out PSI’s obligations under such a contract, such as when PSI uses your data for some of the purposes listed above;
- necessary to meet PSI’s legal or regulatory responsibilities, including when PSI conducts various checks and / or makes disclosures to authorities, regulators and government bodies, both as referred to in this document;
- necessary for PSI’s legitimate interests, without unduly affecting your interests or fundamental rights and freedoms, such as: (i) for some of the purposes of processing listed above; (ii) exercising PSI’s rights under Articles 16 and 17 of the Charter of Fundamental Rights including PSI’s freedom to conduct a business and a right to property; (iii) when PSI makes disclosures within the PSI group or to third parties as referenced below; and (iv) meeting our accountability and regulatory requirements around the world – in each case provided such interests are not overridden by your privacy interests;
- in some cases, necessary for the performance of a task carried out in the public interest;
- when PSI processes special categories of personal data, necessary for establishing, exercising or defending legal claims, or where the processing relates to personal data manifestly in the public domain; and
- in limited circumstances, processed with your consent which PSI obtains from you from time to time (for instance where required by laws other than the GDPR), or processed with your explicit consent in the case of special categories of personal data such as your medical information.
Parties To Whom Information May Be Disclosed & How Information Is Used
PSI may, for the purposes of processing mentioned in this document, transfer your Personal Data overseas to other PSI Group companies, to corporate clients in the context of the products and services we offer, or to third parties, as described below. The recipients of Personal Data referred to in this section may be located outside the European Economic Area in countries where data privacy laws are not as stringent as those in effect in the European Union. An example of this is transfers to Davao, Philippines or Kuala Lumpur, Malaysia. In those cases (where the relevant country has not been determined by the European Commission to provide an adequate level of protection), PSI requires such recipients to comply with appropriate measures designed to protect personal data contained within a binding legal agreement. A copy of these measures can be obtained by contacting the Data Protection Officer (“DPO”) at the address at the end of this notice.
Within the PSI Group:
We share Personal Data with other PSI Group companies in order to ensure a consistently high service standard across the PSI Group, and to provide services and products to you.
PSI complies with the EU-U.S. and Swiss-U.S. Privacy Shield Framework principles as set forth by the U.S. Department of Commerce regarding the collection, processing and storage of Personal Data transferred from a controller or processor regulated by EU data protection laws to the United States. The Privacy Shield principles deal with Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability (the “Privacy Shield Principles”). For more information on Privacy Shield and the Privacy Shield Principles, please visit http://www.privacyshield.gov/.
PSI has further committed to cooperate with the EU data protection supervisory authorities and the Swiss Federal Data Protection and Information Commissioner (FDPIC) in relation to any unresolved Privacy Shield-related complaints concerning the processing of Personal Data that is subject to Privacy Shield. Please visit the link at the bottom of this document for more information. Furthermore, as a last resort and in limited situations (where other dispute resolution procedures have been exhausted), you may invoke the investigatory and enforcement powers of the U.S. Federal Trade Commission.
With respect to our Corporate Clients, we share your Personal Data, including your exam information, Job Demographics and other information about you with our corporate clients if you have applied for a job with such client. Personal data and exam information are not disclosed to individual candidates or unauthorised third parties, unless otherwise required by law.
We disclose Personal Data, Exam Information, Licensee Updates and other information to licensing agencies, regulatory boards, state governments or professional associations for their files and records. Personal Data may only be disclosed to third parties or entities authorised by PSI. In addition, PSI may disclose Personal Data, exam information and Licensee Updates, when PSI has reason to believe that disclosing such information is necessary to identify, contact, or bring legal action against one who may be causing injury to, or interfering with, PSI’s rights or property, other Site users, others that could be harmed by such activities, or as otherwise required by law. See also our Law Enforcement/Public Authorities section below.
We may disclose Personal Data, Exam Information and other information to our customers for whom we are providing data processing services.
Furthermore, when providing products and services to you, PSI will share your Personal Data with persons acting on your behalf or otherwise involved in the service PSI provides (depending on the type of product or service you receive from PSI). In some instances, PSI also shares Personal Data with its suppliers, including PSI Group companies and other business partners who provide services to PSI, such as IT and hosting providers, marketing providers, communication services and printing providers, debt collection, tracing, debt recovery, fraud prevention, and credit reference agencies, and others. When we do so we take steps to ensure they meet our data security standards.
If PSI is or may be acquired by or merged with another company, if any of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the Personal Data we have collected from and about you to the other company.
Law Enforcement/Public Authorities:
If required from time to time, we disclose Personal Data to public authorities, regulators or governmental bodies, including when required by law or regulation, under a code of practice or conduct, when these authorities or bodies require us to do so, or where we believe, in our discretion, that disclosure is appropriate to protect our rights and interests or the rights and interests of third parties.
Data, Studies and Research:
PSI uses the Exam Information and Job Demographics on an aggregate anonymous basis to support validation studies and to develop normative data sets for use in PSI’s businesses for research or other scientific study. PSI does not use any Personal Data for such studies or research.
Storage and Retention of Personal Data
PSI will only retain personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. To help PSI do this, it applies criteria to determine the appropriate periods for retaining your personal data depending on its purpose, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests.
Confidentiality and Security
PSI has put in place various electronic safeguards and managerial processes to prevent unauthorised access or disclosure, maintain data integrity, and ensure the appropriate use of Personal Data. PSI maintains Personal Data, Exam Data and Licensee Updates on secured computers and all customers, exam candidates, and employer accounts are password protected. Of course, no such security and safeguards are 100% effective, but PSI will take commercially reasonable measures to employ security measures designed to protect such information. No Personal Data is knowingly disclosed to third parties except as described herein. Unfortunately, no data transmission over the Internet can be guaranteed to be completely secure. Thus, PSI cannot ensure or warrant the security of any information Site users transmit to the Site.
PSI has in place appropriate technical and organisational measures designed to prevent unauthorised or unlawful access to the Personal Data you have provided. A summary of these measures is available from the DPO through the contact details below. As complete data security cannot be guaranteed, PSI recommends sending any particularly confidential information by an alternative secure means.
This Site is not designed to attract anyone under the age of 16 and children under the age of 16 are not permitted to access or use the Site. In limited circumstances and markets, an educational institution may contract with us to provide testing to their candidates who may be under the age of 16. Additional relevant information will be provided to such test takers through the educational institution or at the time of, or before, the test, and use of data will be governed by that information.
Rectification of Inaccurate Personal Data:
You have a right to ask PSI to rectify inaccurate personal data it collects and processes and the right to request restriction of your personal data pending such a request being considered. PSI is committed to keeping your Personal Data accurate and up-to-date. Therefore, if your Personal Data changes, please inform PSI of the change as soon as possible.
Withdrawal of Consent:
Where PSI processes your personal data based on your consent, you have the right to withdraw that consent at any time. Please also note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to Object and Right of Erasure:
You have a right to ask PSI to stop processing your Personal Data, or to request deletion of your personal data (known as the ‘right to be forgotten’). These rights are not absolute under the GDPR (as sometimes there may be overriding interests that require the processing to continue), but PSI will consider your request and respond to you with the outcome. When Personal Data is processed for direct marketing purposes, your right to object extends to direct marketing, including profiling to the extent it is related to such marketing. You may object to direct marketing by clicking the “unsubscribe” link in any of our emails to you, or by emailing us at firstname.lastname@example.org at any time.
Right to Portability and Right of Subject Access:
Where PSI processes your Personal Data based on your consent, or where such processing is necessary for entering into or performing PSI’s obligations under a contract with you, you may have the right to request your personal data be transferred to you or to another controller. You also have the right to ask PSI for a copy of some or all of the Personal Data it collects and processes about you.
Right Not to be Subject to Automated Decision-Making:
In certain circumstances, PSI may process your Personal Data through automated decision-making, including profiling. Where this takes place, you will be informed of such automated decision-making that uses your Personal Data, be given information on the logic involved, and be informed of the possible consequences of such processing. In certain circumstances, you can request not to be subject to automated decision-making, including profiling.
Right to Restriction of Processing:
You have the right to restrict PSI’s processing of your Personal Data where your request for rectification of inaccurate Personal Data or your request to object to Personal Data processing is being considered and in certain other circumstances.
Exercising Your Rights
You can exercise the rights set out above by contacting us using the details at the end of this document.
Data Protection Officer, Representative and Complaints to Data Protection Supervisory Authorities
You may contact our Data Protection Officer through email at email@example.com if you have any questions or if you are not satisfied with any aspect of the processing of your Personal Data by PSI.
If you are not satisfied with PSI’s response, you have the right to make a complaint to the data protection supervisory authority in the jurisdiction where you live or work, or in the place where you think an issue in relation to your Personal Data has arisen.
This document was updated on 15th May 2018. It is a notice explaining what PSI does, rather than a document that binds PSI or any other party contractually. PSI reserves the right to amend it from time to time. If the notice has been updated, PSI will take steps to inform you of the update by appropriate means, depending on how we normally communicate with you.