/
Privacy Policy

Privacy Policy

Overview

PSI Privacy Policy

Information We Collect

Based on the Services provided, we may process the following categories of Personal Data about you as necessary to provide such Services. You can obtain details of the specific categories of information collected by contacting us. Please refer to the Your Legal Rights section below.

For candidates:

We collect Personal Data from candidates for the purposes of administering an assessment if instructed by and on behalf of Clients. The information we collect is generally categorized as follows:

Minimum Personal Data. The following information is the minimum information required to take an assessment and generally use our Services. All Minimum Personal Data is collected regardless of the assessment type taken by a candidate:

  • Contact Information including, but not limited to: first name, last name, candidate ID (which may be candidate’s social security number or an assigned identifier by PSI or the Client), and email address.
  • Assessment Information including your responses to assessments and the resulting reports.

Optional Personal Data. We offer many different types of assessments. As such, we may collect optional information in addition to the Minimum Personal Data described above. Whether Optional Personal Data is collected depends on the assessment and Services requested by the Client.

Please be aware that Optional Personal Data may not always be collected. We collect and retain Optional Personal Data solely at the Client’s discretion and utilize it exclusively to deliver our Services. It is important to note that the collection of Optional Personal Data may be restricted in certain jurisdictions; in such cases, we refrain from collecting such data in those specific regions. If you seek more information regarding Optional Personal Data and its collection in an assessment, we recommend reaching out to the relevant Client who directed you to take the assessment.

  • Contact Information, including, but not limited to phone number, billing address and delivery address. We may also collect telephone number for the purposes of identity verification (e.g. for multi-factor authentication).
  • Identity Information, including, but not limited to address, date of birth, age (range), nationality, identification number, social security number, digital photographs, job function, managerial responsibilities, organization, sector, industry, occupation level, video and audio recordings of assessments, and signatures.
  • Remote Proctoring. We may collect Identity Information through remote proctoring. We provide a service whereby Clients who conduct examinations outside of our examination centres use our remote proctoring service. This service requires the users to log onto our Remote Proctoring platform. The user takes the examinations while being monitored through their webcam, microphone (audio) and through their computer’s desktop which are all accessible to a remote examiner. We collect Identity Information for identity verification, conducting the examination, fraud prevention, quality monitoring purposes, security and integrity, and as otherwise required by law.

Remote proctored examinations are always recorded, including video and audio, regardless of whether a proctor is monitoring in real-time. Additionally, assessments may be recorded in test centres if requested by Clients. The retention period for these recordings is customized by the Client. For more information, please contact the Client or organization who instructed you to take the assessment.

We may also use AI technology during remote proctoring to identify irregularities and ensure the integrity of the examination process. It’s important to note that the use of AI does not impact the assessment itself, nor is the information stored or used for any purposes other than identifying and highlighting potential irregularities. Any flagged irregularity is promptly reviewed and confirmed by human remote proctors to maintain accuracy and fairness in our examination procedures.

  • When strictly required for the purposes of providing the Services, we may also collect Sensitive or Special Category Information, including but not limited to the following:
    • Sensitive Information, including age, race or ethnic origin, religion, creed, sex, gender identity and expression, sexual orientation, and criminal convictions and offences;
    • Biometric Information, including fingerprint and facial images; or
    • Medical Information, including exam results or examination candidates’ requests for examination accommodation.

Biometric information is collected with explicit consent from candidates or on another lawful basis permissible by law. This information is for identification and verification purposes to ensure the secure and efficient delivery of our Services to Clients. The duration for which biometric data is retained complies with the specifications provided by the Client.

  • Financial Information, including, but not limited to bank account and payment card details.
  • Professional or Employment-related Licensure Information, including, but not limited to: licence application information, licence activity, licence history, information relating to continuing education credits, public complaints, board actions taken against a licensee, or any public actions taken against a licensee by regulatory boards or agencies (“Licensee Updates”).

For Clients:

  • Transaction Information, including, but not limited to details about payments to and from you by us and other details about Services and products you have purchased from us.

For PSI employees or PSI job applicants:

  • Recruitment Information, including curriculum vitae, information on references and other information provided to us during the recruitment process, and results of any reference checks and background checks conducted as part of the recruitment process.

For Site visitors:

  • Technical Information, including, but not limited to internet protocol (IP) addresses, your login information, browser type and version, and operating system and platform information. Information about our use of cookies can be found here.
  • Usage Information, including information about how you use our Site and Services and products.

For anyone who has provided their consent in relation to:

  • Marketing and Communications Information, including your preferences in receiving marketing information from us and our third parties along with your communication preferences.

Purposes of Processing

Third Party Disclosures

Security Measures

Location and Retention

International Transfers

Self-certification to the Data Privacy Framework

Legal Bases for Processing

Your Legal Rights

Under applicable data protection laws, which may include the General Data Protection Regulation 2016/679 (“GDPR”), California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2023 (“CCPA”), and other applicable data protection laws (collectively, “Data Protection Laws”), PSI is generally a “Processor” or “Service Provider” (or reasonably equivalent term under Data Protection Laws) of candidates’ Personal Data with respect to the Services provided to our Clients. 

Our Client, or the relevant organization in the supply chain, determines the purposes and means of the processing and is generally the “Controller” or “Business” (or reasonably equivalent term under Data Protection Laws). The contract with our Client sets out our mandate to process your Personal Data in such instances.

We may also act as a Controller/Business in instances where we process Clients’ business-related Transaction Information, provide Services and products directly to you and where we determine the purposes and means of processing your Personal Data. Depending on your jurisdiction, the following rights under Data Protection Laws may apply to you in relation to your Personal Data:

  • The right of access
  • The right of rectification
  • The right of erasure
  • The right to data portability
  • The right to restrict processing
  • The right to object
  • The right to withdraw consent at any time when the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
  • The right to lodge a complaint with a supervisory authority
  • The right to not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her
  • The right to opt-out of the sale of personal information
  • The right to limit the use and disclosure of sensitive personal information.

If you are a candidate and seek to exercise an applicable right under Data Protection Laws, we encourage you to contact the Client, which is the relevant organization for whom you have taken an assessment, directly, to exercise your rights. As the Client is the Controller/Business, PSI, as a Processor/Service Provider, can only act on the instructions of the Client.

If you wish to contact us directly, we can only forward your request to the Client for instructions on how best to respond to your request. If you wish to exercise any of any applicable rights that you may have or to contact us, please submit a request to us by emailing our Data Protection Officer through our Privacy Portal.

We will not discriminate against you for exercising any of the foregoing rights under Data Protection Laws. You will not have to pay a fee to access your Personal Data or to exercise any of the other rights under Data Protection Laws. Only you, or someone legally authorized to act on your behalf, may make a verifiable request. Your request must provide sufficient information that allows us to reasonably verify that you are the person about whom we collected Personal Data. As a security measure, we may need to request specific information from you to help us confirm your identity.

We try to respond to all legitimate requests within the provided time period under Data Protection Laws. Occasionally it may take us longer than the provided time period if your request is particularly complex or you have made several requests. In this case, we will notify you.

Marketing Communications

Third-Party Links

Children

Updates to Privacy Policy